Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:5053' (ECDSA) to the list of known hosts. 2022/09/14 12:42:40 fuzzer started 2022/09/14 12:42:40 dialing manager at localhost:33849 syzkaller login: [ 36.147599] cgroup: Unknown subsys name 'net' [ 36.223032] cgroup: Unknown subsys name 'rlimit' 2022/09/14 12:42:56 syscalls: 2215 2022/09/14 12:42:56 code coverage: enabled 2022/09/14 12:42:56 comparison tracing: enabled 2022/09/14 12:42:56 extra coverage: enabled 2022/09/14 12:42:56 setuid sandbox: enabled 2022/09/14 12:42:56 namespace sandbox: enabled 2022/09/14 12:42:56 Android sandbox: enabled 2022/09/14 12:42:56 fault injection: enabled 2022/09/14 12:42:56 leak checking: enabled 2022/09/14 12:42:56 net packet injection: enabled 2022/09/14 12:42:56 net device setup: enabled 2022/09/14 12:42:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/14 12:42:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/14 12:42:56 USB emulation: enabled 2022/09/14 12:42:56 hci packet injection: enabled 2022/09/14 12:42:56 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220914) 2022/09/14 12:42:56 802.15.4 emulation: enabled 2022/09/14 12:42:56 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/14 12:42:56 fetching corpus: 43, signal 24976/28587 (executing program) 2022/09/14 12:42:56 fetching corpus: 93, signal 37220/42314 (executing program) 2022/09/14 12:42:56 fetching corpus: 143, signal 49662/55994 (executing program) 2022/09/14 12:42:56 fetching corpus: 193, signal 56241/63830 (executing program) 2022/09/14 12:42:56 fetching corpus: 243, signal 63055/71764 (executing program) 2022/09/14 12:42:57 fetching corpus: 293, signal 68498/78252 (executing program) 2022/09/14 12:42:57 fetching corpus: 343, signal 74490/85177 (executing program) 2022/09/14 12:42:57 fetching corpus: 393, signal 80007/91597 (executing program) 2022/09/14 12:42:57 fetching corpus: 443, signal 84936/97419 
(executing program) 2022/09/14 12:42:57 fetching corpus: 493, signal 87106/100606 (executing program) 2022/09/14 12:42:57 fetching corpus: 543, signal 90037/104415 (executing program) 2022/09/14 12:42:57 fetching corpus: 593, signal 94453/109491 (executing program) 2022/09/14 12:42:58 fetching corpus: 643, signal 98721/114378 (executing program) 2022/09/14 12:42:58 fetching corpus: 693, signal 102332/118544 (executing program) 2022/09/14 12:42:58 fetching corpus: 743, signal 105654/122482 (executing program) 2022/09/14 12:42:58 fetching corpus: 793, signal 107411/124968 (executing program) 2022/09/14 12:42:58 fetching corpus: 843, signal 109884/128085 (executing program) 2022/09/14 12:42:58 fetching corpus: 893, signal 113280/131877 (executing program) 2022/09/14 12:42:58 fetching corpus: 943, signal 115974/135019 (executing program) 2022/09/14 12:42:59 fetching corpus: 993, signal 119627/138880 (executing program) 2022/09/14 12:42:59 fetching corpus: 1043, signal 122487/142121 (executing program) 2022/09/14 12:42:59 fetching corpus: 1093, signal 125798/145629 (executing program) 2022/09/14 12:42:59 fetching corpus: 1143, signal 127723/147962 (executing program) 2022/09/14 12:42:59 fetching corpus: 1193, signal 130307/150755 (executing program) 2022/09/14 12:42:59 fetching corpus: 1243, signal 132139/152978 (executing program) 2022/09/14 12:42:59 fetching corpus: 1293, signal 134837/155822 (executing program) 2022/09/14 12:43:00 fetching corpus: 1343, signal 136987/158159 (executing program) 2022/09/14 12:43:00 fetching corpus: 1393, signal 139057/160459 (executing program) 2022/09/14 12:43:00 fetching corpus: 1443, signal 141247/162717 (executing program) 2022/09/14 12:43:00 fetching corpus: 1493, signal 142108/164022 (executing program) 2022/09/14 12:43:00 fetching corpus: 1543, signal 143397/165609 (executing program) 2022/09/14 12:43:00 fetching corpus: 1593, signal 144918/167436 (executing program) 2022/09/14 12:43:00 fetching corpus: 1643, signal 
145843/168709 (executing program) 2022/09/14 12:43:01 fetching corpus: 1693, signal 147159/170218 (executing program) 2022/09/14 12:43:01 fetching corpus: 1743, signal 148912/172057 (executing program) 2022/09/14 12:43:01 fetching corpus: 1793, signal 150615/173790 (executing program) 2022/09/14 12:43:01 fetching corpus: 1843, signal 152009/175271 (executing program) 2022/09/14 12:43:01 fetching corpus: 1893, signal 153224/176661 (executing program) 2022/09/14 12:43:01 fetching corpus: 1943, signal 154784/178226 (executing program) 2022/09/14 12:43:01 fetching corpus: 1993, signal 156058/179626 (executing program) 2022/09/14 12:43:02 fetching corpus: 2043, signal 157379/180988 (executing program) 2022/09/14 12:43:02 fetching corpus: 2093, signal 158526/182200 (executing program) 2022/09/14 12:43:02 fetching corpus: 2143, signal 160125/183716 (executing program) 2022/09/14 12:43:02 fetching corpus: 2193, signal 161678/185120 (executing program) 2022/09/14 12:43:02 fetching corpus: 2243, signal 163136/186458 (executing program) 2022/09/14 12:43:02 fetching corpus: 2293, signal 164424/187650 (executing program) 2022/09/14 12:43:02 fetching corpus: 2343, signal 165733/188830 (executing program) 2022/09/14 12:43:02 fetching corpus: 2393, signal 166607/189758 (executing program) 2022/09/14 12:43:03 fetching corpus: 2443, signal 167896/190899 (executing program) 2022/09/14 12:43:03 fetching corpus: 2493, signal 169045/191965 (executing program) 2022/09/14 12:43:03 fetching corpus: 2543, signal 170082/192944 (executing program) 2022/09/14 12:43:03 fetching corpus: 2593, signal 171293/193951 (executing program) 2022/09/14 12:43:03 fetching corpus: 2643, signal 172484/194907 (executing program) 2022/09/14 12:43:03 fetching corpus: 2693, signal 173307/195752 (executing program) 2022/09/14 12:43:03 fetching corpus: 2743, signal 174437/196699 (executing program) 2022/09/14 12:43:04 fetching corpus: 2793, signal 175630/197586 (executing program) 2022/09/14 12:43:04 fetching 
corpus: 2843, signal 177517/198786 (executing program) 2022/09/14 12:43:04 fetching corpus: 2893, signal 178812/199822 (executing program) 2022/09/14 12:43:04 fetching corpus: 2943, signal 179422/200488 (executing program) 2022/09/14 12:43:04 fetching corpus: 2993, signal 180474/201279 (executing program) 2022/09/14 12:43:04 fetching corpus: 3043, signal 181556/202117 (executing program) 2022/09/14 12:43:05 fetching corpus: 3093, signal 182628/202874 (executing program) 2022/09/14 12:43:05 fetching corpus: 3143, signal 184190/203802 (executing program) 2022/09/14 12:43:05 fetching corpus: 3193, signal 185368/204662 (executing program) 2022/09/14 12:43:05 fetching corpus: 3243, signal 186188/205247 (executing program) 2022/09/14 12:43:05 fetching corpus: 3293, signal 187257/205904 (executing program) 2022/09/14 12:43:05 fetching corpus: 3343, signal 188274/206499 (executing program) 2022/09/14 12:43:05 fetching corpus: 3393, signal 189706/207306 (executing program) 2022/09/14 12:43:06 fetching corpus: 3443, signal 190601/207836 (executing program) 2022/09/14 12:43:06 fetching corpus: 3493, signal 191839/208511 (executing program) 2022/09/14 12:43:06 fetching corpus: 3543, signal 192911/209183 (executing program) 2022/09/14 12:43:06 fetching corpus: 3593, signal 193771/209747 (executing program) 2022/09/14 12:43:06 fetching corpus: 3643, signal 194450/210170 (executing program) 2022/09/14 12:43:06 fetching corpus: 3693, signal 195324/210626 (executing program) 2022/09/14 12:43:06 fetching corpus: 3743, signal 195796/210954 (executing program) 2022/09/14 12:43:07 fetching corpus: 3793, signal 196825/211544 (executing program) 2022/09/14 12:43:07 fetching corpus: 3843, signal 197508/211899 (executing program) 2022/09/14 12:43:07 fetching corpus: 3893, signal 198625/212423 (executing program) 2022/09/14 12:43:07 fetching corpus: 3943, signal 199597/212828 (executing program) 2022/09/14 12:43:07 fetching corpus: 3993, signal 200906/213279 (executing program) 2022/09/14 
12:43:08 fetching corpus: 4043, signal 201755/213602 (executing program) 2022/09/14 12:43:08 fetching corpus: 4093, signal 202624/213942 (executing program) 2022/09/14 12:43:08 fetching corpus: 4143, signal 204134/214356 (executing program) 2022/09/14 12:43:08 fetching corpus: 4193, signal 204672/214615 (executing program) 2022/09/14 12:43:08 fetching corpus: 4243, signal 205925/215390 (executing program) 2022/09/14 12:43:08 fetching corpus: 4293, signal 206502/215603 (executing program) 2022/09/14 12:43:08 fetching corpus: 4343, signal 206981/215798 (executing program) 2022/09/14 12:43:08 fetching corpus: 4393, signal 207804/216039 (executing program) 2022/09/14 12:43:09 fetching corpus: 4443, signal 208416/216198 (executing program) 2022/09/14 12:43:09 fetching corpus: 4493, signal 209046/216376 (executing program) 2022/09/14 12:43:09 fetching corpus: 4543, signal 209715/216537 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/216669 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/216748 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/216814 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/216891 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/216967 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/217040 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/217097 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/217172 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/217175 (executing program) 2022/09/14 12:43:09 fetching corpus: 4580, signal 209980/217175 (executing program) 2022/09/14 12:43:12 starting 8 fuzzer processes 12:43:12 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fallocate(r0, 0x10, 0x3, 0x40) 12:43:12 executing program 1: 
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x1b, &(0x7f0000000200)=[...], 0x0, &(0x7f0000012800)) 12:43:12 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='tracefs\x00', 0x81, 0x0) [ 67.797734] audit: type=1400 audit(1663159392.409:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:43:12 executing program 2: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8}}}, 0x7) 12:43:12 executing program
5: ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f0000000480)={0x0, 0x9, 0x4, 0xfffffffd, 0x2, [{0x1, 0x7, 0x6}, {0x1, 0x1000, 0x1, '\x00', 0x480}]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xb220}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = getpid() r3 = gettid() rt_tgsigqueueinfo(r2, r3, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x6}) get_robust_list(r2, &(0x7f00000005c0)=&(0x7f0000000580)={&(0x7f0000000540)={&(0x7f0000000340)}}, &(0x7f0000000600)=0x18) perf_event_open(0x0, r3, 0xb, 0xffffffffffffffff, 0xb) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="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"], 0x1c}}, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_WAITACTIVE(r4, 0x5607) 12:43:12 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 12:43:12 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 
0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x4d}}) 12:43:12 executing program 7: fallocate(0xffffffffffffffff, 0x0, 0x2, 0x0) readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000300)=""/102, 0x66}], 0x1) r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) getdents64(r0, &(0x7f0000000140)=""/26, 0x1a) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32, @ANYRES32], 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r5, &(0x7f0000000040)=""/169, 0x200000e9) sendfile(r4, r3, 0x0, 0xfffffdef) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="20007dbc498dfb68165e5d25d36f3c17011c5c89ce961f15c73cc5791bb3acd2c7b7625d009eeb67c405fce273f1e3c3c4c2b59cdeb7b76aa850ec4604cf9511ae707cea5eccbebe49a6dc24307e93bfc20f071b872699c1bece45fccc848fa4fa013572"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x10004000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000180)='./file1\x00', 
0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/consoles\x00', 0x0, 0x0) [ 69.012102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.013657] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.015244] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.016577] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.019391] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.021218] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.022682] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.033166] Bluetooth: hci0: HCI_REQ-0x0c1a [ 69.074841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.079857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.085382] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.101293] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.102617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.107808] Bluetooth: hci1: HCI_REQ-0x0c1a [ 69.134656] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.141134] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.142261] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.143710] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.145262] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.145683] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.148873] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.158283] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.159813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.161453] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.163025] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.164547] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.166256] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.167238] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.170366] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 
69.171556] Bluetooth: hci5: HCI_REQ-0x0c1a [ 69.171814] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.172849] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.176261] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.181221] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.203369] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.204702] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.207160] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.208801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.210324] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.213664] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.222279] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.227222] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.260697] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.263100] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.264744] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.271699] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.278028] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 69.279878] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.291174] Bluetooth: hci7: HCI_REQ-0x0c1a [ 71.095702] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 71.097132] Bluetooth: hci0: command 0x0409 tx timeout [ 71.160148] Bluetooth: hci1: command 0x0409 tx timeout [ 71.223400] Bluetooth: hci5: command 0x0409 tx timeout [ 71.224157] Bluetooth: hci4: command 0x0409 tx timeout [ 71.224213] Bluetooth: hci3: command 0x0409 tx timeout [ 71.287163] Bluetooth: hci6: command 0x0409 tx timeout [ 71.351151] Bluetooth: hci7: command 0x0409 tx timeout [ 73.145316] Bluetooth: hci0: command 0x041b tx timeout [ 73.207166] Bluetooth: hci1: command 0x041b tx timeout [ 73.271146] Bluetooth: hci3: command 0x041b tx timeout [ 73.271146] Bluetooth: hci5: command 0x041b tx timeout [ 73.272362] Bluetooth: hci4: command 0x041b tx timeout [ 73.336144] Bluetooth: hci6: command 
0x041b tx timeout [ 73.399111] Bluetooth: hci7: command 0x041b tx timeout [ 75.031725] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.048457] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.050330] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.097285] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.117295] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.121335] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.145130] Bluetooth: hci2: HCI_REQ-0x0c1a [ 75.226939] Bluetooth: hci0: command 0x040f tx timeout [ 75.256105] Bluetooth: hci1: command 0x040f tx timeout [ 75.320183] Bluetooth: hci4: command 0x040f tx timeout [ 75.320775] Bluetooth: hci5: command 0x040f tx timeout [ 75.321205] Bluetooth: hci3: command 0x040f tx timeout [ 75.384183] Bluetooth: hci6: command 0x040f tx timeout [ 75.448517] Bluetooth: hci7: command 0x040f tx timeout [ 77.175256] Bluetooth: hci2: command 0x0409 tx timeout [ 77.239172] Bluetooth: hci0: command 0x0419 tx timeout [ 77.303654] Bluetooth: hci1: command 0x0419 tx timeout [ 77.367297] Bluetooth: hci3: command 0x0419 tx timeout [ 77.368141] Bluetooth: hci5: command 0x0419 tx timeout [ 77.368945] Bluetooth: hci4: command 0x0419 tx timeout [ 77.431226] Bluetooth: hci6: command 0x0419 tx timeout [ 77.495146] Bluetooth: hci7: command 0x0419 tx timeout [ 79.223166] Bluetooth: hci2: command 0x041b tx timeout [ 81.271204] Bluetooth: hci2: command 0x040f tx timeout [ 83.319224] Bluetooth: hci2: command 0x0419 tx timeout [ 127.492399] audit: type=1400 audit(1663159452.103:7): avc: denied { open } for pid=3721 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.494174] audit: type=1400 audit(1663159452.103:8): avc: denied { kernel } for pid=3721 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.509390] 
------------[ cut here ]------------
[ 127.509414]
[ 127.509417] ======================================================
[ 127.509421] WARNING: possible circular locking dependency detected
[ 127.509426] 6.0.0-rc5-next-20220914 #1 Not tainted
[ 127.509434] ------------------------------------------------------
[ 127.509438] syz-executor.7/3731 is trying to acquire lock:
[ 127.509445] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 127.509487]
[ 127.509487] but task is already holding lock:
[ 127.509490] ffff88800f6f7020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 127.509521]
[ 127.509521] which lock already depends on the new lock.
[ 127.509521]
[ 127.509525]
[ 127.509525] the existing dependency chain (in reverse order) is:
[ 127.509529]
[ 127.509529] -> #3 (&ctx->lock){....}-{2:2}:
[ 127.509544] _raw_spin_lock+0x2a/0x40
[ 127.509563] __perf_event_task_sched_out+0x53b/0x18d0
[ 127.509577] __schedule+0xedd/0x2470
[ 127.509590] schedule+0xda/0x1b0
[ 127.509600] exit_to_user_mode_prepare+0x114/0x1a0
[ 127.509623] syscall_exit_to_user_mode+0x19/0x40
[ 127.509642] do_syscall_64+0x48/0x90
[ 127.509657] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.509676]
[ 127.509676] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 127.509692] _raw_spin_lock_nested+0x30/0x40
[ 127.509708] raw_spin_rq_lock_nested+0x1e/0x30
[ 127.509722] task_fork_fair+0x63/0x4d0
[ 127.509741] sched_cgroup_fork+0x3d0/0x540
[ 127.509756] copy_process+0x4183/0x6e20
[ 127.509768] kernel_clone+0xe7/0x890
[ 127.509778] user_mode_thread+0xad/0xf0
[ 127.509790] rest_init+0x24/0x250
[ 127.509807] arch_call_rest_init+0xf/0x14
[ 127.509821] start_kernel+0x4c1/0x4e6
[ 127.509832] secondary_startup_64_no_verify+0xe0/0xeb
[ 127.509848]
[ 127.509848] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 127.509863] _raw_spin_lock_irqsave+0x39/0x60
[ 127.509880] try_to_wake_up+0xab/0x1920
[ 127.509894] up+0x75/0xb0
[ 127.509906] __up_console_sem+0x6e/0x80
[ 127.509924] console_unlock+0x46a/0x590
[ 127.509941] vt_ioctl+0x2822/0x2ca0
[ 127.509955] tty_ioctl+0x7c4/0x1700
[ 127.509968] __x64_sys_ioctl+0x19a/0x210
[ 127.509984] do_syscall_64+0x3b/0x90
[ 127.509999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.510017]
[ 127.510017] -> #0 ((console_sem).lock){....}-{2:2}:
[ 127.510032] __lock_acquire+0x2a02/0x5e70
[ 127.510050] lock_acquire+0x1a2/0x530
[ 127.510067] _raw_spin_lock_irqsave+0x39/0x60
[ 127.510084] down_trylock+0xe/0x70
[ 127.510097] __down_trylock_console_sem+0x3b/0xd0
[ 127.510115] vprintk_emit+0x16b/0x560
[ 127.510133] vprintk+0x84/0xa0
[ 127.510150] _printk+0xba/0xf1
[ 127.510169] report_bug.cold+0x72/0xab
[ 127.510183] handle_bug+0x3c/0x70
[ 127.510197] exc_invalid_op+0x14/0x50
[ 127.510211] asm_exc_invalid_op+0x16/0x20
[ 127.510229] group_sched_out.part.0+0x2c7/0x460
[ 127.510241] ctx_sched_out+0x8f1/0xc10
[ 127.510252] __perf_event_task_sched_out+0x6d0/0x18d0
[ 127.510265] __schedule+0xedd/0x2470
[ 127.510276] schedule+0xda/0x1b0
[ 127.510286] exit_to_user_mode_prepare+0x114/0x1a0
[ 127.510307] syscall_exit_to_user_mode+0x19/0x40
[ 127.510325] do_syscall_64+0x48/0x90
[ 127.510339] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.510358]
[ 127.510358] other info that might help us debug this:
[ 127.510358]
[ 127.510361] Chain exists of:
[ 127.510361] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 127.510361]
[ 127.510377] Possible unsafe locking scenario:
[ 127.510377]
[ 127.510380]        CPU0                    CPU1
[ 127.510383]        ----                    ----
[ 127.510385]   lock(&ctx->lock);
[ 127.510392]                                lock(&rq->__lock);
[ 127.510399]                                lock(&ctx->lock);
[ 127.510406]   lock((console_sem).lock);
[ 127.510412]
[ 127.510412] *** DEADLOCK ***
[ 127.510412]
[ 127.510414] 2 locks held by syz-executor.7/3731:
[ 127.510422] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 127.510451] #1: ffff88800f6f7020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 127.510481]
[ 127.510481] stack backtrace:
[ 127.510484] CPU: 1 PID: 3731 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220914 #1
[ 127.510499] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 127.510508] Call Trace:
[ 127.510511]
[ 127.510515] dump_stack_lvl+0x8b/0xb3
[ 127.510532] check_noncircular+0x263/0x2e0
[ 127.510550] ? format_decode+0x26c/0xb50
[ 127.510566] ? print_circular_bug+0x450/0x450
[ 127.510585] ? enable_ptr_key_workfn+0x20/0x20
[ 127.510600] ? __lockdep_reset_lock+0x180/0x180
[ 127.510619] ? format_decode+0x26c/0xb50
[ 127.510636] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 127.510655] __lock_acquire+0x2a02/0x5e70
[ 127.510679] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 127.510703] lock_acquire+0x1a2/0x530
[ 127.510722] ? down_trylock+0xe/0x70
[ 127.510738] ? rcu_read_unlock+0x40/0x40
[ 127.510758] ? find_held_lock+0x2c/0x110
[ 127.510776] ? vprintk+0x84/0xa0
[ 127.510796] _raw_spin_lock_irqsave+0x39/0x60
[ 127.510813] ? down_trylock+0xe/0x70
[ 127.510828] down_trylock+0xe/0x70
[ 127.510842] ? vprintk+0x84/0xa0
[ 127.510861] __down_trylock_console_sem+0x3b/0xd0
[ 127.510880] vprintk_emit+0x16b/0x560
[ 127.510901] vprintk+0x84/0xa0
[ 127.510920] _printk+0xba/0xf1
[ 127.510939] ? record_print_text.cold+0x16/0x16
[ 127.510961] ? hrtimer_try_to_cancel+0x163/0x2c0
[ 127.510976] ? lock_downgrade+0x6d0/0x6d0
[ 127.510995] ? report_bug.cold+0x66/0xab
[ 127.511011] ? group_sched_out.part.0+0x2c7/0x460
[ 127.511024] report_bug.cold+0x72/0xab
[ 127.511040] handle_bug+0x3c/0x70
[ 127.511056] exc_invalid_op+0x14/0x50
[ 127.511075] asm_exc_invalid_op+0x16/0x20
[ 127.511094] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 127.511109] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 127.511122] RSP: 0018:ffff88803f8e7c48 EFLAGS: 00010006
[ 127.511132] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 127.511141] RDX: ffff888010013580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 127.511149] RBP: ffff888018038000 R08: 0000000000000005 R09: 0000000000000001
[ 127.511157] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f6f7000
[ 127.511166] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[ 127.511178] ? group_sched_out.part.0+0x2c7/0x460
[ 127.511193] ? group_sched_out.part.0+0x2c7/0x460
[ 127.511207] ctx_sched_out+0x8f1/0xc10
[ 127.511221] __perf_event_task_sched_out+0x6d0/0x18d0
[ 127.511238] ? lock_is_held_type+0xd7/0x130
[ 127.511258] ? __perf_cgroup_move+0x160/0x160
[ 127.511271] ? set_next_entity+0x304/0x550
[ 127.511291] ? update_curr+0x267/0x740
[ 127.511311] ? lock_is_held_type+0xd7/0x130
[ 127.511331] __schedule+0xedd/0x2470
[ 127.511346] ? io_schedule_timeout+0x150/0x150
[ 127.511360] ?
__x64_sys_futex_time32+0x480/0x480 [ 127.511376] schedule+0xda/0x1b0 [ 127.511388] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.511410] syscall_exit_to_user_mode+0x19/0x40 [ 127.511430] do_syscall_64+0x48/0x90 [ 127.511446] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.511465] RIP: 0033:0x7f6fb1ff4b19 [ 127.511475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.511487] RSP: 002b:00007f6faf549218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.511499] RAX: 0000000000000001 RBX: 00007f6fb2108028 RCX: 00007f6fb1ff4b19 [ 127.511507] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6fb210802c [ 127.511516] RBP: 00007f6fb2108020 R08: 000000000000000e R09: 0000000000000000 [ 127.511523] R10: 0000000000000009 R11: 0000000000000246 R12: 00007f6fb210802c [ 127.511532] R13: 00007ffc7e1f30cf R14: 00007f6faf549300 R15: 0000000000022000 [ 127.511546] [ 127.579596] WARNING: CPU: 1 PID: 3731 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 127.580525] Modules linked in: [ 127.580853] CPU: 1 PID: 3731 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220914 #1 [ 127.581667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 127.582766] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 127.583311] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 127.585086] RSP: 0018:ffff88803f8e7c48 EFLAGS: 00010006 [ 127.585619] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 127.586329] RDX: ffff888010013580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 127.587034] RBP: ffff888018038000 R08: 0000000000000005 R09: 0000000000000001 [ 127.587724] R10: 0000000000000000 R11: 
0000000000000001 R12: ffff88800f6f7000 [ 127.588420] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002 [ 127.589178] FS: 00007f6faf549700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 127.589946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.590493] CR2: 00007f69961ba8e0 CR3: 000000001d412000 CR4: 0000000000350ee0 [ 127.591163] Call Trace: [ 127.591418] [ 127.591642] ctx_sched_out+0x8f1/0xc10 [ 127.592023] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.592519] ? lock_is_held_type+0xd7/0x130 [ 127.592946] ? __perf_cgroup_move+0x160/0x160 [ 127.593404] ? set_next_entity+0x304/0x550 [ 127.593817] ? update_curr+0x267/0x740 [ 127.594206] ? lock_is_held_type+0xd7/0x130 [ 127.594631] __schedule+0xedd/0x2470 [ 127.594993] ? io_schedule_timeout+0x150/0x150 [ 127.595430] ? __x64_sys_futex_time32+0x480/0x480 [ 127.595890] schedule+0xda/0x1b0 [ 127.596217] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.596700] syscall_exit_to_user_mode+0x19/0x40 [ 127.597169] do_syscall_64+0x48/0x90 [ 127.597539] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.598034] RIP: 0033:0x7f6fb1ff4b19 [ 127.598391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.600063] RSP: 002b:00007f6faf549218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.600776] RAX: 0000000000000001 RBX: 00007f6fb2108028 RCX: 00007f6fb1ff4b19 [ 127.601438] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6fb210802c [ 127.602093] RBP: 00007f6fb2108020 R08: 000000000000000e R09: 0000000000000000 [ 127.602751] R10: 0000000000000009 R11: 0000000000000246 R12: 00007f6fb210802c [ 127.603410] R13: 00007ffc7e1f30cf R14: 00007f6faf549300 R15: 0000000000022000 [ 127.604074] [ 127.604303] irq event stamp: 510 [ 127.604618] hardirqs last enabled at (509): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 127.605509] hardirqs last disabled at (510): [] 
__schedule+0x1225/0x2470 [ 127.606281] softirqs last enabled at (326): [] __irq_exit_rcu+0x11b/0x180 [ 127.607085] softirqs last disabled at (289): [] __irq_exit_rcu+0x11b/0x180 [ 127.607876] ---[ end trace 0000000000000000 ]--- [ 128.365692] syz-executor.7 (3723) used greatest stack depth: 23808 bytes left 12:44:13 executing program 7: fallocate(0xffffffffffffffff, 0x0, 0x2, 0x0) readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000300)=""/102, 0x66}], 0x1) r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) getdents64(r0, &(0x7f0000000140)=""/26, 0x1a) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32, @ANYRES32], 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r5, &(0x7f0000000040)=""/169, 0x200000e9) sendfile(r4, r3, 0x0, 0xfffffdef) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="20007dbc498dfb68165e5d25d36f3c17011c5c89ce961f15c73cc5791bb3acd2c7b7625d009eeb67c405fce273f1e3c3c4c2b59cdeb7b76aa850ec4604cf9511ae707cea5eccbebe49a6dc24307e93bfc20f071b872699c1bece45fccc848fa4fa013572"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x10004000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/consoles\x00', 0x0, 0x0)
[ 128.680074] hrtimer: interrupt took 19236 ns
12:44:14 executing program 6:
socketpair$unix(0x1, 0x1, 0x0,
&(0x7f0000000180)={0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = dup3(r0, r1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x4d}})
[ 132.727105] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 132.855132] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 132.856120] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 132.856937] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 132.857773] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 132.919157] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 134.908491] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 134.914213] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 134.916021] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 134.919140] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 134.920555] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 134.922298] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 134.925552] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 136.951158] Bluetooth: hci1: command 0x0409 tx timeout
[ 137.207119] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 137.208190] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 137.272110] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 137.272168] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 137.273761] Bluetooth: hci6: Opcode 0x c03 failed: -110
VM DIAGNOSIS:
12:44:12 Registers: