syzkaller login: [   42.157711] sshd (243) used greatest stack depth: 24768 bytes left
Warning: Permanently added '[localhost]:14477' (ECDSA) to the list of known hosts.
2022/09/16 12:05:07 fuzzer started
2022/09/16 12:05:07 dialing manager at localhost:36051
[   45.830350] cgroup: Unknown subsys name 'net'
[   45.948304] cgroup: Unknown subsys name 'rlimit'
2022/09/16 12:05:23 syscalls: 2215
2022/09/16 12:05:23 code coverage: enabled
2022/09/16 12:05:23 comparison tracing: enabled
2022/09/16 12:05:23 extra coverage: enabled
2022/09/16 12:05:23 setuid sandbox: enabled
2022/09/16 12:05:23 namespace sandbox: enabled
2022/09/16 12:05:23 Android sandbox: enabled
2022/09/16 12:05:23 fault injection: enabled
2022/09/16 12:05:23 leak checking: enabled
2022/09/16 12:05:23 net packet injection: enabled
2022/09/16 12:05:23 net device setup: enabled
2022/09/16 12:05:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/16 12:05:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/16 12:05:23 USB emulation: enabled
2022/09/16 12:05:23 hci packet injection: enabled
2022/09/16 12:05:23 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220916                                          )
2022/09/16 12:05:23 802.15.4 emulation: enabled
2022/09/16 12:05:23 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/16 12:05:23 fetching corpus: 50, signal 25321/28821 (executing program)
2022/09/16 12:05:23 fetching corpus: 100, signal 39604/44398 (executing program)
2022/09/16 12:05:23 fetching corpus: 150, signal 50081/56027 (executing program)
2022/09/16 12:05:23 fetching corpus: 200, signal 57317/64386 (executing program)
2022/09/16 12:05:24 fetching corpus: 250, signal 63878/71917 (executing program)
2022/09/16 12:05:24 fetching corpus: 300, signal 69242/78212 (executing program)
2022/09/16 12:05:24 fetching corpus: 350, signal 75006/84774 (executing program)
2022/09/16 12:05:24 fetching corpus: 400, signal 78416/89151 (executing program)
2022/09/16 12:05:24 fetching corpus: 450, signal 83619/94995 (executing program)
2022/09/16 12:05:24 fetching corpus: 500, signal 86683/98821 (executing program)
2022/09/16 12:05:24 fetching corpus: 550, signal 89381/102302 (executing program)
2022/09/16 12:05:24 fetching corpus: 600, signal 93502/106967 (executing program)
2022/09/16 12:05:25 fetching corpus: 650, signal 96066/110124 (executing program)
2022/09/16 12:05:25 fetching corpus: 700, signal 99359/113915 (executing program)
2022/09/16 12:05:25 fetching corpus: 750, signal 102667/117656 (executing program)
2022/09/16 12:05:25 fetching corpus: 800, signal 105589/120996 (executing program)
2022/09/16 12:05:25 fetching corpus: 850, signal 108062/123854 (executing program)
2022/09/16 12:05:25 fetching corpus: 900, signal 110978/127112 (executing program)
2022/09/16 12:05:25 fetching corpus: 950, signal 113001/129554 (executing program)
2022/09/16 12:05:26 fetching corpus: 1000, signal 115644/132432 (executing program)
2022/09/16 12:05:26 fetching corpus: 1050, signal 117138/134412 (executing program)
2022/09/16 12:05:26 fetching corpus: 1100, signal 119342/136876 (executing program)
2022/09/16 12:05:26 fetching corpus: 1150, signal 121355/139096 (executing program)
2022/09/16 12:05:26 fetching corpus: 1200, signal 122722/140873 (executing program)
2022/09/16 12:05:26 fetching corpus: 1250, signal 123996/142604 (executing program)
2022/09/16 12:05:26 fetching corpus: 1300, signal 126012/144798 (executing program)
2022/09/16 12:05:26 fetching corpus: 1350, signal 127717/146688 (executing program)
2022/09/16 12:05:27 fetching corpus: 1400, signal 129979/148986 (executing program)
2022/09/16 12:05:27 fetching corpus: 1450, signal 131571/150758 (executing program)
2022/09/16 12:05:27 fetching corpus: 1500, signal 134219/153187 (executing program)
2022/09/16 12:05:27 fetching corpus: 1550, signal 135682/154785 (executing program)
2022/09/16 12:05:27 fetching corpus: 1600, signal 137734/156729 (executing program)
2022/09/16 12:05:27 fetching corpus: 1650, signal 139939/158772 (executing program)
2022/09/16 12:05:27 fetching corpus: 1700, signal 142681/161060 (executing program)
2022/09/16 12:05:27 fetching corpus: 1750, signal 143481/162057 (executing program)
2022/09/16 12:05:28 fetching corpus: 1800, signal 145075/163564 (executing program)
2022/09/16 12:05:28 fetching corpus: 1850, signal 146549/164967 (executing program)
2022/09/16 12:05:28 fetching corpus: 1900, signal 147864/166290 (executing program)
2022/09/16 12:05:28 fetching corpus: 1950, signal 148975/167443 (executing program)
2022/09/16 12:05:28 fetching corpus: 2000, signal 150110/168519 (executing program)
2022/09/16 12:05:28 fetching corpus: 2050, signal 150799/169376 (executing program)
2022/09/16 12:05:28 fetching corpus: 2100, signal 151574/170224 (executing program)
2022/09/16 12:05:29 fetching corpus: 2150, signal 152484/171167 (executing program)
2022/09/16 12:05:29 fetching corpus: 2200, signal 153675/172218 (executing program)
2022/09/16 12:05:29 fetching corpus: 2250, signal 154481/172989 (executing program)
2022/09/16 12:05:29 fetching corpus: 2300, signal 155873/174092 (executing program)
2022/09/16 12:05:29 fetching corpus: 2350, signal 157923/175538 (executing program)
2022/09/16 12:05:29 fetching corpus: 2400, signal 159358/176608 (executing program)
2022/09/16 12:05:29 fetching corpus: 2450, signal 160334/177445 (executing program)
2022/09/16 12:05:29 fetching corpus: 2500, signal 162107/178607 (executing program)
2022/09/16 12:05:30 fetching corpus: 2550, signal 163263/179432 (executing program)
2022/09/16 12:05:30 fetching corpus: 2600, signal 164299/180165 (executing program)
2022/09/16 12:05:30 fetching corpus: 2650, signal 165819/181165 (executing program)
2022/09/16 12:05:30 fetching corpus: 2700, signal 166695/181813 (executing program)
2022/09/16 12:05:30 fetching corpus: 2750, signal 167672/182510 (executing program)
2022/09/16 12:05:30 fetching corpus: 2800, signal 168737/183281 (executing program)
2022/09/16 12:05:31 fetching corpus: 2850, signal 169649/183938 (executing program)
2022/09/16 12:05:31 fetching corpus: 2900, signal 170252/184423 (executing program)
2022/09/16 12:05:31 fetching corpus: 2950, signal 171841/185211 (executing program)
2022/09/16 12:05:31 fetching corpus: 3000, signal 172632/185721 (executing program)
2022/09/16 12:05:31 fetching corpus: 3050, signal 173329/186215 (executing program)
2022/09/16 12:05:31 fetching corpus: 3100, signal 174994/187225 (executing program)
2022/09/16 12:05:31 fetching corpus: 3150, signal 176301/187876 (executing program)
2022/09/16 12:05:32 fetching corpus: 3200, signal 177456/188397 (executing program)
2022/09/16 12:05:32 fetching corpus: 3250, signal 178530/188920 (executing program)
2022/09/16 12:05:32 fetching corpus: 3300, signal 179963/189683 (executing program)
2022/09/16 12:05:32 fetching corpus: 3350, signal 181112/190178 (executing program)
2022/09/16 12:05:32 fetching corpus: 3400, signal 181707/190497 (executing program)
2022/09/16 12:05:32 fetching corpus: 3450, signal 182589/190869 (executing program)
2022/09/16 12:05:32 fetching corpus: 3500, signal 183312/191164 (executing program)
2022/09/16 12:05:33 fetching corpus: 3550, signal 184009/191418 (executing program)
2022/09/16 12:05:33 fetching corpus: 3600, signal 184850/191731 (executing program)
2022/09/16 12:05:33 fetching corpus: 3650, signal 185747/192306 (executing program)
2022/09/16 12:05:33 fetching corpus: 3700, signal 186479/192723 (executing program)
2022/09/16 12:05:33 fetching corpus: 3750, signal 187027/192888 (executing program)
2022/09/16 12:05:33 fetching corpus: 3800, signal 187882/193117 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193202 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193258 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193328 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193396 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193465 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193523 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193592 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193646 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193714 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193780 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193840 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193904 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/193967 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/194026 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/194081 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/194149 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/194221 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/194236 (executing program)
2022/09/16 12:05:33 fetching corpus: 3807, signal 187904/194236 (executing program)
2022/09/16 12:05:36 starting 8 fuzzer processes
12:05:36 executing program 0:
io_setup(0x40, &(0x7f0000000240)=<r0=>0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
io_submit(r0, 0x2, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x0, r1, &(0x7f0000000140)="67107431c8ff", 0x6}])

12:05:36 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:05:36 executing program 1:
r0 = getpid()
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
clone3(&(0x7f0000000440)={0x80202800, 0x0, &(0x7f0000000040), 0x0, {0x3f}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000004c80)=""/102400, &(0x7f0000000100)}, 0x58)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, 0x0, 0x0)
perf_event_open(&(0x7f00000005c0)={0x3, 0x80, 0x8, 0x3, 0x0, 0x3f, 0x0, 0x2, 0x80180, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xff, 0x1, @perf_config_ext={0x101}, 0x28, 0x1000, 0xffff8001, 0x1, 0x6, 0xa731, 0x4, 0x0, 0x3, 0x0, 0x8}, 0x0, 0x5, 0xffffffffffffffff, 0x9)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000380))
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x40, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x2)
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.log\x00', 0x25a581, 0x5)
perf_event_open(&(0x7f0000000640)={0x3, 0x80, 0x20, 0x6, 0x40, 0x3f, 0x0, 0xc348, 0x40006, 0xbc5a9802c942d7a8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, @perf_config_ext={0x200}, 0x14416, 0xfffffffffffffffe, 0x7, 0x1, 0x0, 0x401, 0xffff, 0x0, 0x50000, 0x0, 0x4}, r0, 0x8, r2, 0x1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

12:05:36 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="14"], 0x28}}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

12:05:36 executing program 3:
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_KEY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44000}, 0x4000006)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x0, "66b3e8104f288835"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040))
mknodat$loop(0xffffffffffffff9c, 0x0, 0x3c01, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000280)={0x133323100, &(0x7f00000000c0), 0x0, 0x0, {0x26}, 0x0, 0x0, 0x0, 0x0}, 0x58)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000000)={0x5, 0x2, 0x0, 0x1, 0x4})

[   73.140201] audit: type=1400 audit(1663329936.200:6): avc:  denied  { execmem } for  pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:05:36 executing program 7:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xdc800, 0x1e, &(0x7f0000000200)=[{&(0x7f0000010000)="00000000000000000000000000000000000000000000000000000000000000ffffff00ffffff000000000000000000ffffff00ffffff000000000000000000ffffff00ffffff000000000000000000ffffff00ffffff000000000000000055aa", 0x60, 0x1a0}, {&(0x7f0000010100)="4244db8cf0c2db8cf0c2818000060003003501b800000800000020000004000000180000054344524f4d000000000000000000000000000000000000000000000000000000000000006b000060000000c00000010000000700000001000000000000000000000000000000000000000000000000000000000000000000000000000000006000018f000c00000000000000000000c000019b0018000000000000", 0xa0, 0x400}, {&(0x7f0000010200)="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x200, 0x600}, {&(0x7f0000010400)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b9010000000001b9000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181400000000000000000000160000000022001c0000000000001c00080000000008007809140b2a3a08020000010000010100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202073797a6b616c6c65722020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202047454e49534f494d4147452049534f20393636302f4846532046494c4553595354454d2043524541544f5220284329203139393320452e594f554e4744414c452028432920313939372d32303036204a2e50454152534f4e2f4a2e534348494c4c494e472028432920323030362d32303037204344524b4954205445414d202066696c6533202020202020202020202020202020202020202020202020202020202020202066696c6531202020202020202020202020202020202020202020202020202020202020202066696c6532202020202020202020202020202020202020202020202020202020202020202032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8000}, {&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000b9010000000001b9252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e0000000000001e00080000000008007809140b2a3a08020000010000010100002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000730079007a006b0061006c006c006500720020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000470045004e00490053004f0049004d004100470045002000490053004f00200039003600360030005f004800460053002000460049004c004500530059005300540045004d002000430052004500410054004f005200200028004300290020003100390039003300200045002e0059004f0055004e004700440041004c004500660069006c0065003300200020002000200020002000200020002000200020002000200000660069006c0065003100200020002000200020002000200020002000200020002000200000660069006c0065003200200020002000200020002000200020002000200020002000200032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8800}, {&(0x7f0000011000)="ff43443030310100"/32, 0x20, 0x9000}, {&(0x7f0000011100)="01001c0000000100000005001d000000010046494c4530000000000000000000", 0x20, 0xa000}, {&(0x7f0000011200)="01000000001c0001000005000000001d000146494c4530000000000000000000", 0x20, 0xb000}, {&(0x7f0000011300)="01001e000000010000000a001f000000010000660069006c0065003000000000", 0x20, 0xc000}, {&(0x7f0000011400)="01000000001e000100000a000000001f000100660069006c0065003000000000", 0x20, 0xd000}, {&(0x7f0000011500)="22001c0000000000001c00080000000008007809140b2a3a0802000001000001010022001c0000000000001c00080000000008007809140b2a3a080200000100000101012c00200000000000002064000000000000647809140b2a3a08000000010000010a46494c452e434f4c3b310026001d0000000000001d00080000000008007809140b2a3a08020000010000010546494c45302a0021000000000000210a0000000000000a7809140b2a3a08000000010000010846494c45312e3b31002a00220000000000002228230000000023287809140b2a3a08000000010000010846494c45322e3b31002a00270000000000002728230000000023287809140b2a3a08000000010000010846494c45332e3b3100"/288, 0x120, 0xe000}, {&(0x7f0000011700)="22001d0000000000001d00080000000008007809140b2a3a0802000001000001010022001c0000000000001c00080000000008007809140b2a3a080200000100000101012a002c0000000000002c1a0400000000041a7809140b2a3a08000000010000010846494c45302e3b3100"/128, 0x80, 0xe800}, {&(0x7f0000011800)="22001e0000000000001e00080000000008007809140b2a3a0802000001000001010022001e0000000000001e00080000000008007809140b2a3a080200000100000101013400200000000000002064000000000000647809140b2a3a08000000010000011200660069006c0065002e0063006f006c0064002c001f0000000000001f00080000000008007809140b2a3a08020000010000010a00660069006c00650030002c0021000000000000210a0000000000000a7809140b2a3a08000000010000010a00660069006c00650031002c00220000000000002228230000000023287809140b2a3a08000000010000010a00660069006c00650032002c00270000000000002728230000000023287809140b2a3a08000000010000010a00660069006c0065003300"/320, 0x140, 0xf000}, {&(0x7f0000011a00)="22001f0000000000001f00080000000008007809140b2a3a0802000001000001010022001e0000000000001e00080000000008007809140b2a3a080200000100000101012c002c0000000000002c1a0400000000041a7809140b2a3a08000000010000010a00660069006c0065003000"/128, 0x80, 0xf800}, {&(0x7f0000011b00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x10000}, {&(0x7f0000011c00)='syzkallers\x00'/32, 0x20, 0x10800}, {&(0x7f0000011d00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x16000}, {&(0x7f0000012200)="000000000000000001000003000000000000000000000000000000000000000002000007000000300000002f00"/64, 0x40, 0xc8000}, {&(0x7f0000012300)="0000000000000000000000000000000000000000000000008000000000000000", 0x20, 0xc80e0}, {&(0x7f0000012400)="00000000000000000000000000000000000000000000000001f800f80078000e", 0x20, 0xc81e0}, {&(0x7f0000012500)="00000000000000000100000300000002000000030000000b000000010000000402000025000000600000005b00"/64, 0x40, 0xce000}, {&(0x7f0000012600)="000000000000000000000000000000000000000000000000f800000000000000", 0x20, 0xce0e0}, {&(0x7f0000012700)="00000000000000000000000000000000000000000000000001f800f80078000e0000000200000000ff01000400000b0000000001054344524f4d01000000000700000002db8cf0c2db8cf0c20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000200000300000000000000000000000001054344524f4d00000000000000000000000000000000000000000000000000001100000000020a4465736b746f7020444200020000004254464c444d475240000000000000000000001601b3000020000000200000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000001b300040000000000000000000000000000000000000000000000001100000000020a4465736b746f7020444600020000004454464c444d47524000000000000000000000170000000000000000000000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000696c65320200000054455854756e69780000000000000000000000120021000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000002100050000000000000000000000000000000000000000000000000000000001f00186010e00960060000e0000000400000001ff01000300000f00000000020966696c652e636f6c640200000054455854756e6978000000000000000000000010001f000000640000080000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001f00010000000000000000000000000000000000000000000000000b00000000020566696c653001000000000100000014db8cf0c2db8cf0c27c25cca00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b00000000020566696c65310200000054455854756e697800000000000000000000001100200000000a0000080000000000000000000000db8cf0c2db8cf0c27c25cca00000000000000000000000000000000000000020000100000000000000000000000000000000000000000000000000000000002100050000000000000000000000000000000000000000000000000000000000020566696c65330200000054455854756e69780000000000000000000000130026000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000000260005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f001da014800d60084000e0000000000000000000200030000250000000001054344524f4d0000000000000000000000000000000000000000000000000000000000012500000000020966696c652e636f6c6400000000000000000000000000000000000000000000000000022500000000020566696c653200000000000000000000000000000000000000000000000000000000000400"/1216, 0x4c0, 0xce1e0}, {&(0x7f0000012c00)="000000000000000000000000000000000000000000000000008c00620038000e0000000000000002ff01000400000b00000000020566696c65320200000054455854756e69780000000000000000000000120021000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000002100050000000000000000000000000000000000000000000000000b00000000020566696c65330200000054455854756e69780000000000000000000000130026000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000000260005000000000000000000000000000000000000000000000000070000000014000003000000000000000000000000020566696c653000000000000000000000000000000000000000000000000000000b00000000140566696c65300200000054455854756e6978000000000000000000000015002b0000041a0000080000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000002b0001000000000000000000000000000000000000000000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000000260005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f0019a012800f20080000e", 0x220, 0xce7e0}, {&(0x7f0000012f00)="00000000000000000000000000000000000000000000000041e1000000000000", 0x20, 0xcfbc0}, {&(0x7f0000013000)="000000000000000001000003000000000000000000000000000000000000000002000025000000100000000f00000000200000ff00"/64, 0x40, 0xda000}, {&(0x7f0000013100)="000000000000000000000000000000000000000000000000020a010000000000", 0x20, 0xda060}, {&(0x7f0000013200)="0000000000000000000000000000000000000000000000008000000000000000", 0x20, 0xda0e0}, {&(0x7f0000013300)="00000000000000000000000000000000000000000000000001f800f80078000e", 0x20, 0xda1e0}, {&(0x7f0000013400)="4244db8cf0c2db8cf0c2010000000003002401b800000800000020000004000000100194054344524f4d0000000000000000000000000000000000000000000000000000000000000005000060000000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000c00000000000000000000c000000c0018000000000000", 0xa0, 0xdc000}], 0x0, &(0x7f0000013500))

12:05:36 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x14481, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
stat(&(0x7f0000000040)='./file0/file0\x00', 0x0)

12:05:36 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00')
pread64(r0, &(0x7f0000009780)=""/112, 0x70, 0x2000000)

[   74.403400] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   74.405026] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   74.408122] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   74.409194] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   74.410759] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   74.411933] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   74.415546] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   74.416539] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   74.418517] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   74.419655] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   74.434872] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   74.436552] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.440400] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   74.446891] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   74.450104] Bluetooth: hci0: HCI_REQ-0x0c1a
[   74.451921] Bluetooth: hci1: HCI_REQ-0x0c1a
[   74.459439] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   74.463576] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   74.465791] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   74.472007] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   74.474880] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   74.476488] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   74.477964] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   74.482773] Bluetooth: hci5: HCI_REQ-0x0c1a
[   74.483502] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   74.493989] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   74.495293] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   74.501913] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   74.503368] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   74.504935] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   74.510168] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   74.512178] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   74.515367] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   74.517196] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   74.517534] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   74.518480] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   74.528446] Bluetooth: hci7: HCI_REQ-0x0c1a
[   74.543766] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   74.546145] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   74.547614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   74.550904] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   74.553918] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   74.555427] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   74.565705] Bluetooth: hci6: HCI_REQ-0x0c1a
[   74.581027] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   74.584220] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   74.585505] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   74.590569] Bluetooth: hci2: HCI_REQ-0x0c1a
[   74.601886] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   74.605885] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   74.612899] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   74.614072] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   74.618348] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   74.620102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   74.642704] Bluetooth: hci3: HCI_REQ-0x0c1a
[   74.645718] Bluetooth: hci4: HCI_REQ-0x0c1a
[   76.468011] Bluetooth: hci1: command 0x0409 tx timeout
[   76.532724] Bluetooth: hci5: command 0x0409 tx timeout
[   76.533357] Bluetooth: hci0: command 0x0409 tx timeout
[   76.596677] Bluetooth: hci6: command 0x0409 tx timeout
[   76.597201] Bluetooth: hci7: command 0x0409 tx timeout
[   76.659773] Bluetooth: hci3: command 0x0409 tx timeout
[   76.661362] Bluetooth: hci4: command 0x0409 tx timeout
[   76.662316] Bluetooth: hci2: command 0x0409 tx timeout
[   78.515688] Bluetooth: hci1: command 0x041b tx timeout
[   78.579746] Bluetooth: hci0: command 0x041b tx timeout
[   78.580680] Bluetooth: hci5: command 0x041b tx timeout
[   78.643697] Bluetooth: hci7: command 0x041b tx timeout
[   78.644222] Bluetooth: hci6: command 0x041b tx timeout
[   78.707699] Bluetooth: hci2: command 0x041b tx timeout
[   78.708229] Bluetooth: hci4: command 0x041b tx timeout
[   78.708815] Bluetooth: hci3: command 0x041b tx timeout
[   80.563710] Bluetooth: hci1: command 0x040f tx timeout
[   80.627927] Bluetooth: hci5: command 0x040f tx timeout
[   80.628916] Bluetooth: hci0: command 0x040f tx timeout
[   80.691825] Bluetooth: hci6: command 0x040f tx timeout
[   80.692708] Bluetooth: hci7: command 0x040f tx timeout
[   80.755713] Bluetooth: hci3: command 0x040f tx timeout
[   80.756565] Bluetooth: hci4: command 0x040f tx timeout
[   80.757366] Bluetooth: hci2: command 0x040f tx timeout
[   82.611746] Bluetooth: hci1: command 0x0419 tx timeout
[   82.675737] Bluetooth: hci0: command 0x0419 tx timeout
[   82.676904] Bluetooth: hci5: command 0x0419 tx timeout
[   82.739721] Bluetooth: hci7: command 0x0419 tx timeout
[   82.740573] Bluetooth: hci6: command 0x0419 tx timeout
[   82.803741] Bluetooth: hci2: command 0x0419 tx timeout
[   82.804565] Bluetooth: hci4: command 0x0419 tx timeout
[   82.805730] Bluetooth: hci3: command 0x0419 tx timeout
12:06:33 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:06:33 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:06:33 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:06:34 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:06:34 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:06:34 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x14481, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
stat(&(0x7f0000000040)='./file0/file0\x00', 0x0)

12:06:34 executing program 2:
r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgrp(0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)={0x54, 0x0, 0x1, 0xfffffffd, 0x10, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x35, 0x33, @reassoc_req={@with_ht={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {}, @broadcast}}, 0x0, 0x0, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{0x9, 0x1}]}, @void}}]}, 0x54}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000480)=""/106, 0x6a}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000006c0)=""/151, 0x97}], 0x5)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x19, 0x4, @tid=r1}, &(0x7f0000000040)=<r2=>0x0)
r3 = getpgrp(0x0)
timer_delete(r2)
clone3(&(0x7f0000000400)={0x94000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140), {}, &(0x7f0000000180)=""/41, 0x29, &(0x7f0000000280)=""/217, &(0x7f00000003c0)=[0x0, r0, r1, r3, r0], 0x5}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r4, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
sendfile(r5, r4, 0x0, 0x80000001)

12:06:34 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x14481, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
stat(&(0x7f0000000040)='./file0/file0\x00', 0x0)

[  132.598793] loop7: detected capacity change from 0 to 3520
[  132.937166] audit: type=1400 audit(1663329995.997:7): avc:  denied  { open } for  pid=3930 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  132.939072] audit: type=1400 audit(1663329995.997:8): avc:  denied  { kernel } for  pid=3930 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  132.959529] ------------[ cut here ]------------
[  132.959550] 
[  132.959553] ======================================================
[  132.959556] WARNING: possible circular locking dependency detected
[  132.959561] 6.0.0-rc5-next-20220916 #1 Not tainted
[  132.959567] ------------------------------------------------------
[  132.959570] syz-executor.1/3931 is trying to acquire lock:
[  132.959576] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  132.959614] 
[  132.959614] but task is already holding lock:
[  132.959617] ffff88800f179820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  132.959644] 
[  132.959644] which lock already depends on the new lock.
[  132.959644] 
[  132.959646] 
[  132.959646] the existing dependency chain (in reverse order) is:
[  132.959649] 
[  132.959649] -> #3 (&ctx->lock){....}-{2:2}:
[  132.959663]        _raw_spin_lock+0x2a/0x40
[  132.959680]        __perf_event_task_sched_out+0x53b/0x18d0
[  132.959692]        __schedule+0xedd/0x2470
[  132.959702]        schedule+0xda/0x1b0
[  132.959712]        exit_to_user_mode_prepare+0x114/0x1a0
[  132.959731]        syscall_exit_to_user_mode+0x19/0x40
[  132.959749]        do_syscall_64+0x48/0x90
[  132.959762]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.959779] 
[  132.959779] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  132.959792]        _raw_spin_lock_nested+0x30/0x40
[  132.959807]        raw_spin_rq_lock_nested+0x1e/0x30
[  132.959819]        task_fork_fair+0x63/0x4d0
[  132.959835]        sched_cgroup_fork+0x3d0/0x540
[  132.959849]        copy_process+0x4183/0x6e20
[  132.959859]        kernel_clone+0xe7/0x890
[  132.959868]        user_mode_thread+0xad/0xf0
[  132.959878]        rest_init+0x24/0x250
[  132.959894]        arch_call_rest_init+0xf/0x14
[  132.959905]        start_kernel+0x4c1/0x4e6
[  132.959915]        secondary_startup_64_no_verify+0xe0/0xeb
[  132.959929] 
[  132.959929] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  132.959942]        _raw_spin_lock_irqsave+0x39/0x60
[  132.959957]        try_to_wake_up+0xab/0x1920
[  132.959970]        up+0x75/0xb0
[  132.959981]        __up_console_sem+0x6e/0x80
[  132.959996]        console_unlock+0x46a/0x590
[  132.960011]        con_install+0x14e/0x5d0
[  132.960021]        tty_init_dev.part.0+0xa0/0x610
[  132.960034]        tty_open+0xbc0/0x1370
[  132.960045]        chrdev_open+0x268/0x6e0
[  132.960058]        do_dentry_open+0x6ca/0x12b0
[  132.960072]        path_openat+0x19e1/0x2800
[  132.960083]        do_filp_open+0x1b6/0x410
[  132.960094]        do_sys_openat2+0x171/0x4c0
[  132.960108]        __x64_sys_openat+0x13f/0x1f0
[  132.960123]        do_syscall_64+0x3b/0x90
[  132.960136]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.960152] 
[  132.960152] -> #0 ((console_sem).lock){....}-{2:2}:
[  132.960166]        __lock_acquire+0x2a02/0x5e70
[  132.960182]        lock_acquire+0x1a2/0x530
[  132.960197]        _raw_spin_lock_irqsave+0x39/0x60
[  132.960212]        down_trylock+0xe/0x70
[  132.960223]        __down_trylock_console_sem+0x3b/0xd0
[  132.960239]        vprintk_emit+0x16b/0x560
[  132.960255]        vprintk+0x84/0xa0
[  132.960270]        _printk+0xba/0xf1
[  132.960287]        report_bug.cold+0x72/0xab
[  132.960300]        handle_bug+0x3c/0x70
[  132.960312]        exc_invalid_op+0x14/0x50
[  132.960326]        asm_exc_invalid_op+0x16/0x20
[  132.960342]        group_sched_out.part.0+0x2c7/0x460
[  132.960352]        ctx_sched_out+0x8f1/0xc10
[  132.960361]        __perf_event_task_sched_out+0x6d0/0x18d0
[  132.960373]        __schedule+0xedd/0x2470
[  132.960383]        schedule+0xda/0x1b0
[  132.960393]        exit_to_user_mode_prepare+0x114/0x1a0
[  132.960411]        syscall_exit_to_user_mode+0x19/0x40
[  132.960428]        do_syscall_64+0x48/0x90
[  132.960441]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.960457] 
[  132.960457] other info that might help us debug this:
[  132.960457] 
[  132.960460] Chain exists of:
[  132.960460]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  132.960460] 
[  132.960474]  Possible unsafe locking scenario:
[  132.960474] 
[  132.960477]        CPU0                    CPU1
[  132.960479]        ----                    ----
[  132.960481]   lock(&ctx->lock);
[  132.960486]                                lock(&rq->__lock);
[  132.960492]                                lock(&ctx->lock);
[  132.960499]   lock((console_sem).lock);
[  132.960504] 
[  132.960504]  *** DEADLOCK ***
[  132.960504] 
[  132.960506] 2 locks held by syz-executor.1/3931:
[  132.960513]  #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  132.960541]  #1: ffff88800f179820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  132.960571] 
[  132.960571] stack backtrace:
[  132.960574] CPU: 1 PID: 3931 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220916 #1
[  132.960586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  132.960594] Call Trace:
[  132.960597]  <TASK>
[  132.960601]  dump_stack_lvl+0x8b/0xb3
[  132.960616]  check_noncircular+0x263/0x2e0
[  132.960632]  ? format_decode+0x26c/0xb50
[  132.960647]  ? print_circular_bug+0x450/0x450
[  132.960663]  ? enable_ptr_key_workfn+0x20/0x20
[  132.960677]  ? __lockdep_reset_lock+0x180/0x180
[  132.960694]  ? format_decode+0x26c/0xb50
[  132.960709]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  132.960726]  __lock_acquire+0x2a02/0x5e70
[  132.960747]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  132.960769]  lock_acquire+0x1a2/0x530
[  132.960786]  ? down_trylock+0xe/0x70
[  132.960800]  ? rcu_read_unlock+0x40/0x40
[  132.960816]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  132.960837]  ? vprintk+0x84/0xa0
[  132.960855]  _raw_spin_lock_irqsave+0x39/0x60
[  132.960870]  ? down_trylock+0xe/0x70
[  132.960883]  down_trylock+0xe/0x70
[  132.960896]  ? vprintk+0x84/0xa0
[  132.960912]  __down_trylock_console_sem+0x3b/0xd0
[  132.960929]  vprintk_emit+0x16b/0x560
[  132.960946]  ? lock_downgrade+0x6d0/0x6d0
[  132.960963]  vprintk+0x84/0xa0
[  132.960981]  _printk+0xba/0xf1
[  132.960998]  ? record_print_text.cold+0x16/0x16
[  132.961018]  ? hrtimer_try_to_cancel+0x163/0x2c0
[  132.961031]  ? lock_downgrade+0x6d0/0x6d0
[  132.961048]  ? report_bug.cold+0x66/0xab
[  132.961062]  ? group_sched_out.part.0+0x2c7/0x460
[  132.961073]  report_bug.cold+0x72/0xab
[  132.961088]  handle_bug+0x3c/0x70
[  132.961102]  exc_invalid_op+0x14/0x50
[  132.961117]  asm_exc_invalid_op+0x16/0x20
[  132.961134] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  132.961147] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  132.961158] RSP: 0018:ffff8880407ffc48 EFLAGS: 00010006
[  132.961167] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  132.961174] RDX: ffff88800ec10000 RSI: ffffffff81566027 RDI: 0000000000000005
[  132.961182] RBP: ffff88803fd10000 R08: 0000000000000005 R09: 0000000000000001
[  132.961189] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f179800
[  132.961196] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[  132.961207]  ? group_sched_out.part.0+0x2c7/0x460
[  132.961220]  ? group_sched_out.part.0+0x2c7/0x460
[  132.961233]  ctx_sched_out+0x8f1/0xc10
[  132.961245]  __perf_event_task_sched_out+0x6d0/0x18d0
[  132.961260]  ? lock_is_held_type+0xd7/0x130
[  132.961279]  ? __perf_cgroup_move+0x160/0x160
[  132.961290]  ? set_next_entity+0x304/0x550
[  132.961307]  ? update_curr+0x267/0x740
[  132.961325]  ? lock_is_held_type+0xd7/0x130
[  132.961344]  __schedule+0xedd/0x2470
[  132.961357]  ? io_schedule_timeout+0x150/0x150
[  132.961370]  ? __x64_sys_futex_time32+0x480/0x480
[  132.961383]  schedule+0xda/0x1b0
[  132.961395]  exit_to_user_mode_prepare+0x114/0x1a0
[  132.961414]  syscall_exit_to_user_mode+0x19/0x40
[  132.961432]  do_syscall_64+0x48/0x90
[  132.961446]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.961464] RIP: 0033:0x7f2b6fbfcb19
[  132.961472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  132.961483] RSP: 002b:00007f2b6d172218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  132.961494] RAX: 0000000000000001 RBX: 00007f2b6fd0ff68 RCX: 00007f2b6fbfcb19
[  132.961501] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2b6fd0ff6c
[  132.961508] RBP: 00007f2b6fd0ff60 R08: 000000000000000e R09: 0000000000000000
[  132.961516] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f2b6fd0ff6c
[  132.961523] R13: 00007ffdbabc0e1f R14: 00007f2b6d172300 R15: 0000000000022000
[  132.961536]  </TASK>
[  133.020010] WARNING: CPU: 1 PID: 3931 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  133.020678] Modules linked in:
[  133.020910] CPU: 1 PID: 3931 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220916 #1
[  133.021486] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  133.022305] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  133.022712] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  133.024044] RSP: 0018:ffff8880407ffc48 EFLAGS: 00010006
[  133.024440] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  133.024980] RDX: ffff88800ec10000 RSI: ffffffff81566027 RDI: 0000000000000005
[  133.025518] RBP: ffff88803fd10000 R08: 0000000000000005 R09: 0000000000000001
[  133.026056] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f179800
[  133.026582] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[  133.027122] FS:  00007f2b6d172700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  133.027728] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  133.028157] CR2: 00007fbdfa42f313 CR3: 000000000eac0000 CR4: 0000000000350ee0
[  133.028693] Call Trace:
[  133.028891]  <TASK>
[  133.029063]  ctx_sched_out+0x8f1/0xc10
[  133.029354]  __perf_event_task_sched_out+0x6d0/0x18d0
[  133.029732]  ? lock_is_held_type+0xd7/0x130
[  133.030080]  ? __perf_cgroup_move+0x160/0x160
[  133.030415]  ? set_next_entity+0x304/0x550
[  133.030732]  ? update_curr+0x267/0x740
[  133.031027]  ? lock_is_held_type+0xd7/0x130
[  133.031350]  __schedule+0xedd/0x2470
[  133.031633]  ? io_schedule_timeout+0x150/0x150
[  133.031971]  ? __x64_sys_futex_time32+0x480/0x480
[  133.032328]  schedule+0xda/0x1b0
[  133.032581]  exit_to_user_mode_prepare+0x114/0x1a0
[  133.032957]  syscall_exit_to_user_mode+0x19/0x40
[  133.033314]  do_syscall_64+0x48/0x90
[  133.033591]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  133.033984] RIP: 0033:0x7f2b6fbfcb19
[  133.034268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  133.035577] RSP: 002b:00007f2b6d172218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  133.036134] RAX: 0000000000000001 RBX: 00007f2b6fd0ff68 RCX: 00007f2b6fbfcb19
[  133.036649] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2b6fd0ff6c
[  133.037169] RBP: 00007f2b6fd0ff60 R08: 000000000000000e R09: 0000000000000000
[  133.037685] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f2b6fd0ff6c
[  133.038212] R13: 00007ffdbabc0e1f R14: 00007f2b6d172300 R15: 0000000000022000
[  133.038736]  </TASK>
[  133.038912] irq event stamp: 3924
[  133.039161] hardirqs last  enabled at (3923): [<ffffffff8133ffc9>] exit_to_user_mode_prepare+0x109/0x1a0
[  133.039856] hardirqs last disabled at (3924): [<ffffffff8424c965>] __schedule+0x1225/0x2470
[  133.040460] softirqs last  enabled at (3774): [<ffffffff8117063b>] __irq_exit_rcu+0x11b/0x180
[  133.041095] softirqs last disabled at (3767): [<ffffffff8117063b>] __irq_exit_rcu+0x11b/0x180
[  133.041718] ---[ end trace 0000000000000000 ]---
[  135.488687] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  135.490787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  135.496663] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  135.500794] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  135.503114] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  135.505368] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  135.508756] Bluetooth: hci1: HCI_REQ-0x0c1a
[  137.523714] Bluetooth: hci1: command 0x0409 tx timeout
[  137.524741] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  137.587650] Bluetooth: hci5: Opcode 0x c03 failed: -110
[  139.571675] Bluetooth: hci1: command 0x041b tx timeout
[  141.619667] Bluetooth: hci1: command 0x040f tx timeout
[  141.747667] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  141.811791] Bluetooth: hci5: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
12:06:36  Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=ffff88800851c000 RCX=ffffffff817a7ff6 RDX=1ffff11000f8d618
RSI=0000000000000008 RDI=ffff888007c6b0c0 RBP=ffff888007c6b000 RSP=ffff8880401ffbf0
R8 =0000000000000000 R9 =ffffea000065fb47 R10=fffff940000cbf68 R11=0000000000000001
R12=0000000000000001 R13=0000000000000011 R14=ffff88807ffdc000 R15=0000000000000001
RIP=ffffffff817a80ac RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007faad304ab70 CR3=0000000009ac2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 2e6f747079726362 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 00312e312e6f732e 6f74707972636269
YMM03=0000000000000000 0000000000000000 6c2f756e672d7875 6e696c2d34365f36
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822b3251 RDI=ffffffff87641ba0 RBP=ffffffff87641b60 RSP=ffff8880407ff698
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000030 R11=0000000000000001
R12=0000000000000030 R13=ffffffff87641b60 R14=0000000000000010 R15=ffffffff822b3240
RIP=ffffffff822b32a9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f2b6d172700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fbdfa42f313 CR3=000000000eac0000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM01=0000000000000000 0000000000000000 2525252525252525 2525252525252525
YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000