syzkaller login: [ 34.995051] scp (251) used greatest stack depth: 24768 bytes left Warning: Permanently added '[localhost]:24912' (ECDSA) to the list of known hosts. 2022/09/15 13:49:20 fuzzer started 2022/09/15 13:49:20 dialing manager at localhost:36559 [ 37.190139] cgroup: Unknown subsys name 'net' [ 37.274353] cgroup: Unknown subsys name 'rlimit' 2022/09/15 13:49:35 syscalls: 2215 2022/09/15 13:49:35 code coverage: enabled 2022/09/15 13:49:35 comparison tracing: enabled 2022/09/15 13:49:35 extra coverage: enabled 2022/09/15 13:49:35 setuid sandbox: enabled 2022/09/15 13:49:35 namespace sandbox: enabled 2022/09/15 13:49:35 Android sandbox: enabled 2022/09/15 13:49:35 fault injection: enabled 2022/09/15 13:49:35 leak checking: enabled 2022/09/15 13:49:35 net packet injection: enabled 2022/09/15 13:49:35 net device setup: enabled 2022/09/15 13:49:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/15 13:49:35 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/15 13:49:35 USB emulation: enabled 2022/09/15 13:49:35 hci packet injection: enabled 2022/09/15 13:49:35 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220915) 2022/09/15 13:49:35 802.15.4 emulation: enabled 2022/09/15 13:49:35 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/15 13:49:35 fetching corpus: 31, signal 21929/25577 (executing program) 2022/09/15 13:49:35 fetching corpus: 81, signal 42915/47875 (executing program) 2022/09/15 13:49:36 fetching corpus: 130, signal 55967/62117 (executing program) 2022/09/15 13:49:36 fetching corpus: 180, signal 63844/71166 (executing program) 2022/09/15 13:49:36 fetching corpus: 230, signal 70370/78891 (executing program) 2022/09/15 13:49:36 fetching corpus: 280, signal 74110/83826 (executing program) 2022/09/15 13:49:36 fetching corpus: 330, signal 80239/90949 (executing program) 2022/09/15 13:49:36 fetching corpus: 380, signal 85573/97213 (executing program) 2022/09/15 13:49:37 fetching 
corpus: 430, signal 90074/102703 (executing program) 2022/09/15 13:49:37 fetching corpus: 480, signal 94567/108045 (executing program) 2022/09/15 13:49:37 fetching corpus: 530, signal 99368/113621 (executing program) 2022/09/15 13:49:37 fetching corpus: 580, signal 102095/117253 (executing program) 2022/09/15 13:49:37 fetching corpus: 630, signal 105511/121477 (executing program) 2022/09/15 13:49:37 fetching corpus: 680, signal 108018/124859 (executing program) 2022/09/15 13:49:38 fetching corpus: 730, signal 111995/129496 (executing program) 2022/09/15 13:49:38 fetching corpus: 780, signal 115788/133923 (executing program) 2022/09/15 13:49:38 fetching corpus: 830, signal 118105/136981 (executing program) 2022/09/15 13:49:38 fetching corpus: 880, signal 120210/139812 (executing program) 2022/09/15 13:49:38 fetching corpus: 929, signal 123488/143600 (executing program) 2022/09/15 13:49:38 fetching corpus: 979, signal 126580/147215 (executing program) 2022/09/15 13:49:39 fetching corpus: 1029, signal 129820/150874 (executing program) 2022/09/15 13:49:39 fetching corpus: 1079, signal 131523/153193 (executing program) 2022/09/15 13:49:39 fetching corpus: 1129, signal 133741/155955 (executing program) 2022/09/15 13:49:39 fetching corpus: 1179, signal 135422/158198 (executing program) 2022/09/15 13:49:39 fetching corpus: 1229, signal 137829/161031 (executing program) 2022/09/15 13:49:39 fetching corpus: 1279, signal 139655/163357 (executing program) 2022/09/15 13:49:39 fetching corpus: 1329, signal 141412/165527 (executing program) 2022/09/15 13:49:39 fetching corpus: 1379, signal 143625/168041 (executing program) 2022/09/15 13:49:40 fetching corpus: 1428, signal 145860/170658 (executing program) 2022/09/15 13:49:40 fetching corpus: 1478, signal 147924/173020 (executing program) 2022/09/15 13:49:40 fetching corpus: 1528, signal 149007/174661 (executing program) 2022/09/15 13:49:40 fetching corpus: 1578, signal 150798/176811 (executing program) 2022/09/15 13:49:40 
fetching corpus: 1628, signal 152361/178763 (executing program) 2022/09/15 13:49:40 fetching corpus: 1678, signal 154772/181284 (executing program) 2022/09/15 13:49:40 fetching corpus: 1728, signal 156636/183346 (executing program) 2022/09/15 13:49:40 fetching corpus: 1778, signal 159509/186092 (executing program) 2022/09/15 13:49:41 fetching corpus: 1828, signal 160799/187674 (executing program) 2022/09/15 13:49:41 fetching corpus: 1878, signal 162150/189288 (executing program) 2022/09/15 13:49:41 fetching corpus: 1928, signal 163672/191036 (executing program) 2022/09/15 13:49:41 fetching corpus: 1978, signal 165106/192732 (executing program) 2022/09/15 13:49:41 fetching corpus: 2028, signal 166413/194323 (executing program) 2022/09/15 13:49:41 fetching corpus: 2078, signal 167393/195611 (executing program) 2022/09/15 13:49:41 fetching corpus: 2128, signal 169740/197833 (executing program) 2022/09/15 13:49:42 fetching corpus: 2178, signal 170896/199212 (executing program) 2022/09/15 13:49:42 fetching corpus: 2228, signal 171681/200305 (executing program) 2022/09/15 13:49:42 fetching corpus: 2278, signal 173215/201837 (executing program) 2022/09/15 13:49:42 fetching corpus: 2328, signal 174050/202946 (executing program) 2022/09/15 13:49:42 fetching corpus: 2377, signal 174675/203956 (executing program) 2022/09/15 13:49:42 fetching corpus: 2427, signal 176352/205515 (executing program) 2022/09/15 13:49:42 fetching corpus: 2477, signal 177324/206651 (executing program) 2022/09/15 13:49:43 fetching corpus: 2527, signal 178984/208189 (executing program) 2022/09/15 13:49:43 fetching corpus: 2577, signal 180427/209592 (executing program) 2022/09/15 13:49:43 fetching corpus: 2627, signal 181412/210678 (executing program) 2022/09/15 13:49:43 fetching corpus: 2677, signal 182498/211806 (executing program) 2022/09/15 13:49:43 fetching corpus: 2727, signal 184536/213444 (executing program) 2022/09/15 13:49:43 fetching corpus: 2777, signal 185815/214617 (executing program) 
2022/09/15 13:49:44 fetching corpus: 2827, signal 186853/215665 (executing program) 2022/09/15 13:49:44 fetching corpus: 2877, signal 187474/216473 (executing program) 2022/09/15 13:49:44 fetching corpus: 2927, signal 188320/217375 (executing program) 2022/09/15 13:49:44 fetching corpus: 2977, signal 189186/218298 (executing program) 2022/09/15 13:49:44 fetching corpus: 3027, signal 190435/219338 (executing program) 2022/09/15 13:49:44 fetching corpus: 3077, signal 191184/220197 (executing program) 2022/09/15 13:49:44 fetching corpus: 3127, signal 192081/221092 (executing program) 2022/09/15 13:49:45 fetching corpus: 3177, signal 193116/221995 (executing program) 2022/09/15 13:49:45 fetching corpus: 3227, signal 194365/223026 (executing program) 2022/09/15 13:49:45 fetching corpus: 3277, signal 195006/223802 (executing program) 2022/09/15 13:49:45 fetching corpus: 3327, signal 196120/224816 (executing program) 2022/09/15 13:49:45 fetching corpus: 3377, signal 196875/225571 (executing program) 2022/09/15 13:49:45 fetching corpus: 3427, signal 197543/226268 (executing program) 2022/09/15 13:49:45 fetching corpus: 3477, signal 198501/227106 (executing program) 2022/09/15 13:49:45 fetching corpus: 3527, signal 199381/227838 (executing program) 2022/09/15 13:49:46 fetching corpus: 3577, signal 200285/228588 (executing program) 2022/09/15 13:49:46 fetching corpus: 3627, signal 201161/229297 (executing program) 2022/09/15 13:49:46 fetching corpus: 3677, signal 201711/229892 (executing program) 2022/09/15 13:49:46 fetching corpus: 3727, signal 202869/230750 (executing program) 2022/09/15 13:49:46 fetching corpus: 3777, signal 203662/231401 (executing program) 2022/09/15 13:49:46 fetching corpus: 3827, signal 204532/232059 (executing program) 2022/09/15 13:49:46 fetching corpus: 3877, signal 205291/232701 (executing program) 2022/09/15 13:49:47 fetching corpus: 3927, signal 206469/233502 (executing program) 2022/09/15 13:49:47 fetching corpus: 3977, signal 207007/234037 
(executing program) 2022/09/15 13:49:47 fetching corpus: 4027, signal 207603/234566 (executing program) 2022/09/15 13:49:47 fetching corpus: 4077, signal 208240/235073 (executing program) 2022/09/15 13:49:47 fetching corpus: 4127, signal 208843/235574 (executing program) 2022/09/15 13:49:47 fetching corpus: 4177, signal 209397/236039 (executing program) 2022/09/15 13:49:47 fetching corpus: 4227, signal 209959/236525 (executing program) 2022/09/15 13:49:48 fetching corpus: 4276, signal 210660/237051 (executing program) 2022/09/15 13:49:48 fetching corpus: 4326, signal 211391/237523 (executing program) 2022/09/15 13:49:48 fetching corpus: 4376, signal 211899/237998 (executing program) 2022/09/15 13:49:48 fetching corpus: 4426, signal 212917/238623 (executing program) 2022/09/15 13:49:48 fetching corpus: 4475, signal 213600/239041 (executing program) 2022/09/15 13:49:48 fetching corpus: 4525, signal 214509/239558 (executing program) 2022/09/15 13:49:48 fetching corpus: 4575, signal 214949/239960 (executing program) 2022/09/15 13:49:48 fetching corpus: 4625, signal 215602/240521 (executing program) 2022/09/15 13:49:49 fetching corpus: 4675, signal 216619/240995 (executing program) 2022/09/15 13:49:49 fetching corpus: 4725, signal 217233/241367 (executing program) 2022/09/15 13:49:49 fetching corpus: 4775, signal 218086/241774 (executing program) 2022/09/15 13:49:49 fetching corpus: 4825, signal 218712/242110 (executing program) 2022/09/15 13:49:49 fetching corpus: 4875, signal 219042/242418 (executing program) 2022/09/15 13:49:49 fetching corpus: 4925, signal 219632/242766 (executing program) 2022/09/15 13:49:49 fetching corpus: 4975, signal 220037/243071 (executing program) 2022/09/15 13:49:49 fetching corpus: 5025, signal 221204/243481 (executing program) 2022/09/15 13:49:50 fetching corpus: 5075, signal 221774/243779 (executing program) 2022/09/15 13:49:50 fetching corpus: 5125, signal 222268/244067 (executing program) 2022/09/15 13:49:50 fetching corpus: 5175, 
signal 222779/244341 (executing program) 2022/09/15 13:49:50 fetching corpus: 5225, signal 223615/244627 (executing program) 2022/09/15 13:49:50 fetching corpus: 5275, signal 224019/244874 (executing program) 2022/09/15 13:49:50 fetching corpus: 5324, signal 224438/245126 (executing program) 2022/09/15 13:49:50 fetching corpus: 5374, signal 225583/245406 (executing program) 2022/09/15 13:49:51 fetching corpus: 5424, signal 226214/245649 (executing program) 2022/09/15 13:49:51 fetching corpus: 5474, signal 227301/245926 (executing program) 2022/09/15 13:49:51 fetching corpus: 5524, signal 227791/246110 (executing program) 2022/09/15 13:49:51 fetching corpus: 5574, signal 228599/246336 (executing program) 2022/09/15 13:49:51 fetching corpus: 5624, signal 229355/246535 (executing program) 2022/09/15 13:49:51 fetching corpus: 5674, signal 229881/246705 (executing program) 2022/09/15 13:49:51 fetching corpus: 5724, signal 230378/246892 (executing program) 2022/09/15 13:49:52 fetching corpus: 5774, signal 230652/247047 (executing program) 2022/09/15 13:49:52 fetching corpus: 5824, signal 230980/247180 (executing program) 2022/09/15 13:49:52 fetching corpus: 5874, signal 231819/247389 (executing program) 2022/09/15 13:49:52 fetching corpus: 5924, signal 232476/247438 (executing program) 2022/09/15 13:49:52 fetching corpus: 5974, signal 233101/247451 (executing program) 2022/09/15 13:49:52 fetching corpus: 6024, signal 233805/247458 (executing program) 2022/09/15 13:49:53 fetching corpus: 6074, signal 234324/247467 (executing program) 2022/09/15 13:49:53 fetching corpus: 6124, signal 235478/247488 (executing program) 2022/09/15 13:49:53 fetching corpus: 6174, signal 235813/247489 (executing program) 2022/09/15 13:49:53 fetching corpus: 6224, signal 236273/247564 (executing program) 2022/09/15 13:49:53 fetching corpus: 6274, signal 237151/247674 (executing program) 2022/09/15 13:49:53 fetching corpus: 6324, signal 237569/247679 (executing program) 2022/09/15 13:49:53 
fetching corpus: 6374, signal 238233/247685 (executing program) 2022/09/15 13:49:53 fetching corpus: 6424, signal 238746/247731 (executing program) 2022/09/15 13:49:53 fetching corpus: 6473, signal 239158/247758 (executing program) 2022/09/15 13:49:54 fetching corpus: 6518, signal 239878/247764 (executing program) 2022/09/15 13:49:54 fetching corpus: 6518, signal 239878/247764 (executing program) 2022/09/15 13:49:56 starting 8 fuzzer processes 13:49:56 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg(r0, &(0x7f000000b580)=[{{&(0x7f0000005140)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x80, 0x0}}], 0x1, 0x20000014) 13:49:56 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0xe0000064) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x4000120) inotify_add_watch(r1, &(0x7f0000002800)='./file0\x00', 0x20000040) 13:49:56 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000000000000}, 0x0, 0x0, 0x400, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x10000000) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, 
&(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f00000011c0), 0x260084, 0x0) gettid() io_uring_setup(0x454c, &(0x7f0000000240)) epoll_create(0x4) 13:49:56 executing program 3: r0 = syz_io_uring_setup(0x30b3, &(0x7f0000000000), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000200), 0x0) [ 72.957192] audit: type=1400 audit(1663249796.428:6): avc: denied { execmem } for pid=287 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:49:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0x2289, &(0x7f0000000000)) 13:49:56 executing program 5: setuid(0xee00) prctl$PR_SET_SECUREBITS(0x1c, 0x0) 13:49:56 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x1, 0x4}, 0x80, 0x0, 0x7, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x81}, 0x603, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 
0x20000010000}], 0x0, &(0x7f0000000040)=ANY=[]) open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0/file0\x00', 0x1) fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x3) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) r2 = dup(r1) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) listen(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x21) r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) fcntl$F_GET_RW_HINT(r4, 0x40b, &(0x7f0000000200)) ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000240)={0x2, 0x2}) fcntl$dupfd(r2, 0x0, r3) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r0, &(0x7f00000001c0)={0xf0000005}) 13:49:56 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBTYPE(r0, 0x541b, &(0x7f0000000000)) [ 74.287131] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.290273] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.292837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.297828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.299130] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.303332] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.305820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.307065] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.310840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.318504] Bluetooth: hci1: HCI_REQ-0x0c1a [ 74.319695] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.326723] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 74.328118] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.348505] Bluetooth: hci0: HCI_REQ-0x0c1a [ 74.403160] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.405698] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.408553] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 
74.411138] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.413070] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.415203] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.417001] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.420205] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.421628] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.423600] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.425505] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.427043] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.428706] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.429808] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.431308] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.432933] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.434311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.437911] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 74.440106] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.441503] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.442822] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.444097] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 74.446761] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.448272] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.452570] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 74.453797] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 74.458162] Bluetooth: hci4: HCI_REQ-0x0c1a [ 74.459410] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 74.461165] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 74.463006] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.469175] Bluetooth: hci3: HCI_REQ-0x0c1a [ 74.469285] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.488226] Bluetooth: hci5: HCI_REQ-0x0c1a [ 74.489058] Bluetooth: hci7: HCI_REQ-0x0c1a [ 74.489931] 
Bluetooth: hci6: HCI_REQ-0x0c1a [ 76.361796] Bluetooth: hci0: command 0x0409 tx timeout [ 76.362556] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 76.425527] Bluetooth: hci1: command 0x0409 tx timeout [ 76.489554] Bluetooth: hci3: command 0x0409 tx timeout [ 76.490345] Bluetooth: hci4: command 0x0409 tx timeout [ 76.553602] Bluetooth: hci6: command 0x0409 tx timeout [ 76.554440] Bluetooth: hci5: command 0x0409 tx timeout [ 76.555207] Bluetooth: hci7: command 0x0409 tx timeout [ 78.409770] Bluetooth: hci0: command 0x041b tx timeout [ 78.473416] Bluetooth: hci1: command 0x041b tx timeout [ 78.537494] Bluetooth: hci4: command 0x041b tx timeout [ 78.537961] Bluetooth: hci3: command 0x041b tx timeout [ 78.601447] Bluetooth: hci7: command 0x041b tx timeout [ 78.601915] Bluetooth: hci5: command 0x041b tx timeout [ 78.602338] Bluetooth: hci6: command 0x041b tx timeout [ 79.822955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.829515] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.831159] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.838460] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.840083] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.841109] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.844204] Bluetooth: hci2: HCI_REQ-0x0c1a [ 80.457422] Bluetooth: hci0: command 0x040f tx timeout [ 80.521435] Bluetooth: hci1: command 0x040f tx timeout [ 80.585480] Bluetooth: hci3: command 0x040f tx timeout [ 80.585989] Bluetooth: hci4: command 0x040f tx timeout [ 80.649436] Bluetooth: hci6: command 0x040f tx timeout [ 80.649933] Bluetooth: hci5: command 0x040f tx timeout [ 80.650413] Bluetooth: hci7: command 0x040f tx timeout [ 81.865512] Bluetooth: hci2: command 0x0409 tx timeout [ 82.505503] Bluetooth: hci0: command 0x0419 tx timeout [ 82.569419] Bluetooth: hci1: command 0x0419 tx timeout [ 82.633422] Bluetooth: hci4: command 0x0419 tx timeout [ 82.633923] Bluetooth: hci3: command 0x0419 tx timeout [ 
82.697495] Bluetooth: hci7: command 0x0419 tx timeout [ 82.698205] Bluetooth: hci5: command 0x0419 tx timeout [ 82.698972] Bluetooth: hci6: command 0x0419 tx timeout [ 83.913503] Bluetooth: hci2: command 0x041b tx timeout [ 85.961498] Bluetooth: hci2: command 0x040f tx timeout [ 88.009460] Bluetooth: hci2: command 0x0419 tx timeout 13:50:53 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000031c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f000000bb00)=[{{0x0, 0x0, &(0x7f0000004f00)=[{&(0x7f0000003200)='N', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x15) 13:50:53 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fchown(r0, 0x0, 0x0) 13:50:53 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)) setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000001140)) [ 130.544085] audit: type=1400 audit(1663249854.016:7): avc: denied { open } for pid=3766 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 13:50:54 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) socketpair(0x0, 0x0, 0x0, 
&(0x7f0000000040)) setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000001140)) 13:50:54 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)) setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000001140)) 13:50:54 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)) setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000001140)) 13:50:54 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000040)) 13:50:54 executing program 4: syz_emit_ethernet(0x6a, &(0x7f00000001c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x34, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "f2e2a6", 0x0, 0x2b, 0x0, @private2, @remote, [], "52168a0f"}}}}}}}, 0x0) [ 132.424403] audit: type=1400 audit(1663249855.896:8): avc: denied { kernel } for pid=3892 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 132.445202] ------------[ cut here 
]------------
[ 132.445232]
[ 132.445237] ======================================================
[ 132.445242] WARNING: possible circular locking dependency detected
[ 132.445248] 6.0.0-rc5-next-20220915 #1 Not tainted
[ 132.445258] ------------------------------------------------------
[ 132.445262] syz-executor.2/3893 is trying to acquire lock:
[ 132.445272] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 132.445323]
[ 132.445323] but task is already holding lock:
[ 132.445327] ffff88800ea54c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 132.445371]
[ 132.445371] which lock already depends on the new lock.
[ 132.445371]
[ 132.445375]
[ 132.445375] the existing dependency chain (in reverse order) is:
[ 132.445380]
[ 132.445380] -> #3 (&ctx->lock){....}-{2:2}:
[ 132.445401]        _raw_spin_lock+0x2a/0x40
[ 132.445426]        __perf_event_task_sched_out+0x53b/0x18d0
[ 132.445445]        __schedule+0xedd/0x2470
[ 132.445461]        schedule+0xda/0x1b0
[ 132.445476]        exit_to_user_mode_prepare+0x114/0x1a0
[ 132.445506]        syscall_exit_to_user_mode+0x19/0x40
[ 132.445536]        do_syscall_64+0x48/0x90
[ 132.445560]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 132.445587]
[ 132.445587] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 132.445607]        _raw_spin_lock_nested+0x30/0x40
[ 132.445631]        raw_spin_rq_lock_nested+0x1e/0x30
[ 132.445649]        task_fork_fair+0x63/0x4d0
[ 132.445675]        sched_cgroup_fork+0x3d0/0x540
[ 132.445696]        copy_process+0x4183/0x6e20
[ 132.445711]        kernel_clone+0xe7/0x890
[ 132.445725]        user_mode_thread+0xad/0xf0
[ 132.445741]        rest_init+0x24/0x250
[ 132.445766]        arch_call_rest_init+0xf/0x14
[ 132.445784]        start_kernel+0x4c1/0x4e6
[ 132.445799]        secondary_startup_64_no_verify+0xe0/0xeb
[ 132.445820]
[ 132.445820] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 132.445840]        _raw_spin_lock_irqsave+0x39/0x60
[ 132.445864]        try_to_wake_up+0xab/0x1920
[ 132.445883]        up+0x75/0xb0
[ 132.445901]        __up_console_sem+0x6e/0x80
[ 132.445925]        console_unlock+0x46a/0x590
[ 132.445949]        do_con_write+0xc05/0x1d50
[ 132.445966]        con_write+0x21/0x40
[ 132.445981]        n_tty_write+0x4d4/0xfe0
[ 132.446000]        file_tty_write.constprop.0+0x49c/0x8f0
[ 132.446019]        vfs_write+0x9c3/0xd90
[ 132.446047]        ksys_write+0x127/0x250
[ 132.446073]        do_syscall_64+0x3b/0x90
[ 132.446094]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 132.446120]
[ 132.446120] -> #0 ((console_sem).lock){....}-{2:2}:
[ 132.446141]        __lock_acquire+0x2a02/0x5e70
[ 132.446166]        lock_acquire+0x1a2/0x530
[ 132.446190]        _raw_spin_lock_irqsave+0x39/0x60
[ 132.446214]        down_trylock+0xe/0x70
[ 132.446233]        __down_trylock_console_sem+0x3b/0xd0
[ 132.446258]        vprintk_emit+0x16b/0x560
[ 132.446283]        vprintk+0x84/0xa0
[ 132.446308]        _printk+0xba/0xf1
[ 132.446335]        report_bug.cold+0x72/0xab
[ 132.446355]        handle_bug+0x3c/0x70
[ 132.446375]        exc_invalid_op+0x14/0x50
[ 132.446396]        asm_exc_invalid_op+0x16/0x20
[ 132.446422]        group_sched_out.part.0+0x2c7/0x460
[ 132.446437]        ctx_sched_out+0x8f1/0xc10
[ 132.446452]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 132.446470]        __schedule+0xedd/0x2470
[ 132.446486]        schedule+0xda/0x1b0
[ 132.446501]        exit_to_user_mode_prepare+0x114/0x1a0
[ 132.446530]        syscall_exit_to_user_mode+0x19/0x40
[ 132.446559]        do_syscall_64+0x48/0x90
[ 132.446580]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 132.446606]
[ 132.446606] other info that might help us debug this:
[ 132.446606]
[ 132.446610] Chain exists of:
[ 132.446610]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 132.446610]
[ 132.446632]  Possible unsafe locking scenario:
[ 132.446632]
[ 132.446635]        CPU0                    CPU1
[ 132.446638]        ----                    ----
[ 132.446642]   lock(&ctx->lock);
[ 132.446650]                                lock(&rq->__lock);
[ 132.446659]                                lock(&ctx->lock);
[ 132.446669]   lock((console_sem).lock);
[ 132.446677]
[ 132.446677]  *** DEADLOCK ***
[ 132.446677]
[ 132.446680] 2 locks held by syz-executor.2/3893:
[ 132.446690]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 132.446729]  #1: ffff88800ea54c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 132.446770]
[ 132.446770] stack backtrace:
[ 132.446774] CPU: 0 PID: 3893 Comm: syz-executor.2 Not tainted 6.0.0-rc5-next-20220915 #1
[ 132.446793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 132.446805] Call Trace:
[ 132.446810]
[ 132.446816]  dump_stack_lvl+0x8b/0xb3
[ 132.446838]  check_noncircular+0x263/0x2e0
[ 132.446864]  ? format_decode+0x26c/0xb50
[ 132.446886]  ? print_circular_bug+0x450/0x450
[ 132.446912]  ? enable_ptr_key_workfn+0x20/0x20
[ 132.446936]  ? format_decode+0x26c/0xb50
[ 132.446960]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 132.446987]  __lock_acquire+0x2a02/0x5e70
[ 132.447019]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 132.447054]  lock_acquire+0x1a2/0x530
[ 132.447080]  ? down_trylock+0xe/0x70
[ 132.447102]  ? rcu_read_unlock+0x40/0x40
[ 132.447133]  ? vprintk+0x84/0xa0
[ 132.447161]  _raw_spin_lock_irqsave+0x39/0x60
[ 132.447185]  ? down_trylock+0xe/0x70
[ 132.447206]  down_trylock+0xe/0x70
[ 132.447226]  ? vprintk+0x84/0xa0
[ 132.447252]  __down_trylock_console_sem+0x3b/0xd0
[ 132.447279]  vprintk_emit+0x16b/0x560
[ 132.447308]  vprintk+0x84/0xa0
[ 132.447335]  _printk+0xba/0xf1
[ 132.447363]  ? record_print_text.cold+0x16/0x16
[ 132.447397]  ? report_bug.cold+0x66/0xab
[ 132.447419]  ? group_sched_out.part.0+0x2c7/0x460
[ 132.447436]  report_bug.cold+0x72/0xab
[ 132.447460]  handle_bug+0x3c/0x70
[ 132.447481]  exc_invalid_op+0x14/0x50
[ 132.447504]  asm_exc_invalid_op+0x16/0x20
[ 132.447535] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 132.447555] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 132.447572] RSP: 0018:ffff88801cdbfc48 EFLAGS: 00010006
[ 132.447585] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 132.447597] RDX: ffff888015f7d040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 132.447608] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 132.447619] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800ea54c00
[ 132.447631] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 132.447647]  ? group_sched_out.part.0+0x2c7/0x460
[ 132.447667]  ? group_sched_out.part.0+0x2c7/0x460
[ 132.447686]  ctx_sched_out+0x8f1/0xc10
[ 132.447705]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 132.447730]  ? lock_is_held_type+0xd7/0x130
[ 132.447768]  ? __perf_cgroup_move+0x160/0x160
[ 132.447792]  ? set_next_entity+0x304/0x550
[ 132.447826]  ? update_curr+0x267/0x740
[ 132.447854]  ? lock_is_held_type+0xd7/0x130
[ 132.447881]  __schedule+0xedd/0x2470
[ 132.447902]  ? io_schedule_timeout+0x150/0x150
[ 132.447921]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 132.447951]  schedule+0xda/0x1b0
[ 132.447968]  exit_to_user_mode_prepare+0x114/0x1a0
[ 132.447998]  syscall_exit_to_user_mode+0x19/0x40
[ 132.448025]  do_syscall_64+0x48/0x90
[ 132.448046]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 132.448073] RIP: 0033:0x7f4a7abf4b19
[ 132.448086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 132.448102] RSP: 002b:00007f4a7816a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 132.448119] RAX: 0000000000000001 RBX: 00007f4a7ad07f68 RCX: 00007f4a7abf4b19
[ 132.448130] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4a7ad07f6c
[ 132.448141] RBP: 00007f4a7ad07f60 R08: 000000000000000e R09: 0000000000000000
[ 132.448152] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4a7ad07f6c
[ 132.448163] R13: 00007ffed605244f R14: 00007f4a7816a300 R15: 0000000000022000
[ 132.448182]
[ 132.528938] WARNING: CPU: 0 PID: 3893 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 132.529885] Modules linked in:
[ 132.530222] CPU: 0 PID: 3893 Comm: syz-executor.2 Not tainted 6.0.0-rc5-next-20220915 #1
[ 132.531041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 132.532185] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 132.532766] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 132.534613] RSP: 0018:ffff88801cdbfc48 EFLAGS: 00010006
[ 132.535162] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 132.535893] RDX: ffff888015f7d040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 132.536643] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 132.537375] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800ea54c00
[ 132.538102] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 132.538843] FS:  00007f4a7816a700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 132.539665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 132.540264] CR2: 00007f94b7eff8d0 CR3: 000000000d1de000 CR4: 0000000000350ef0
[ 132.541001] Call Trace:
[ 132.541273]
[ 132.541525]  ctx_sched_out+0x8f1/0xc10
[ 132.541941]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 132.542476]  ? lock_is_held_type+0xd7/0x130
[ 132.542943]  ? __perf_cgroup_move+0x160/0x160
[ 132.543412]  ? set_next_entity+0x304/0x550
[ 132.543850]  ? update_curr+0x267/0x740
[ 132.544248]  ? lock_is_held_type+0xd7/0x130
[ 132.544723]  __schedule+0xedd/0x2470
[ 132.545109]  ? io_schedule_timeout+0x150/0x150
[ 132.545580]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 132.546079]  schedule+0xda/0x1b0
[ 132.546430]  exit_to_user_mode_prepare+0x114/0x1a0
[ 132.546933]  syscall_exit_to_user_mode+0x19/0x40
[ 132.547421]  do_syscall_64+0x48/0x90
[ 132.547804]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 132.548327] RIP: 0033:0x7f4a7abf4b19
[ 132.548708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 132.550490] RSP: 002b:00007f4a7816a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 132.551237] RAX: 0000000000000001 RBX: 00007f4a7ad07f68 RCX: 00007f4a7abf4b19
[ 132.551939] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4a7ad07f6c
[ 132.552645] RBP: 00007f4a7ad07f60 R08: 000000000000000e R09: 0000000000000000
[ 132.553347] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4a7ad07f6c
[ 132.554046] R13: 00007ffed605244f R14: 00007f4a7816a300 R15: 0000000000022000
[ 132.554756]
[ 132.554996] irq event stamp: 620
[ 132.555332] hardirqs last enabled at (619): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 132.556262] hardirqs last disabled at (620): []
__schedule+0x1225/0x2470
[ 132.557087] softirqs last enabled at (452): [] __irq_exit_rcu+0x11b/0x180
[ 132.557938] softirqs last disabled at (333): [] __irq_exit_rcu+0x11b/0x180
[ 132.558769] ---[ end trace 0000000000000000 ]---
[ 134.198631] loop6: detected capacity change from 0 to 264192
[ 134.206913] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[ 134.227943] audit: type=1400 audit(1663249857.700:9): avc: denied { write } for pid=3963 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 134.231157] audit: type=1400 audit(1663249857.703:10): avc: denied { block_suspend } for pid=3963 comm="syz-executor.6" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ 137.289468] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 137.417453] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 141.513516] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 141.641464] Bluetooth: hci6: Opcode 0x c03 failed: -110
VM DIAGNOSIS: 13:50:56 Registers: