Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:13805' (ECDSA) to the list of known hosts. 2022/09/19 14:45:36 fuzzer started 2022/09/19 14:45:37 dialing manager at localhost:42121 syzkaller login: [ 36.906196] cgroup: Unknown subsys name 'net' [ 37.026426] cgroup: Unknown subsys name 'rlimit' 2022/09/19 14:45:52 syscalls: 2215 2022/09/19 14:45:52 code coverage: enabled 2022/09/19 14:45:52 comparison tracing: enabled 2022/09/19 14:45:52 extra coverage: enabled 2022/09/19 14:45:52 setuid sandbox: enabled 2022/09/19 14:45:52 namespace sandbox: enabled 2022/09/19 14:45:52 Android sandbox: enabled 2022/09/19 14:45:52 fault injection: enabled 2022/09/19 14:45:52 leak checking: enabled 2022/09/19 14:45:52 net packet injection: enabled 2022/09/19 14:45:52 net device setup: enabled 2022/09/19 14:45:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/19 14:45:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/19 14:45:52 USB emulation: enabled 2022/09/19 14:45:52 hci packet injection: enabled 2022/09/19 14:45:52 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220919) 2022/09/19 14:45:52 802.15.4 emulation: enabled
2022/09/19 14:46:08 starting 8 fuzzer processes 14:46:08 executing program 0: syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 14:46:08 executing program 6: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000440)={'veth0_macvtap\x00', &(0x7f0000000400)=@ethtool_gfeatures}) 14:46:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000001e000100000000000000000007000000d8c93100000080"], 0x1c}], 0x1}, 0x0) 14:46:08 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x9}) fchown(r0, 0xee01, 0xee00) 14:46:08 executing program 3: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000500)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}, {0x0, 0x0, 0x9}], 0x0, 0x0) chdir(0x0) mount$cgroup(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x86091,
&(0x7f00000007c0)=ANY=[@ANYBLOB="636c11d04d478eab95046472656e2c616c6c2c6e6f7072656669782c72656c656173655f6167656e743d2e2f66696c65312c6e6f7072656669782c616c6c2c66736d616769633d3078303030303030303030303030303130312c7569643e", @ANYRESDEC=0x0, @ANYBLOB="2c61756469742c6d61736b3d5e5be1ea336e491c524d652bec0a3bf017f0597ee593d6f9f83d519609312daaf06e280ff293c15770bbe997047461f07485829824346bf13ce9635e319da471b47e6f2090256c1595177a901781175eb4941f1d299255353ecce1c76d3e1cb134c11f60a8d4b95120616164d501b1bde9aeb858a692fe0b464c40f77e7f6d9e7e13124d7951377daebf6987d7dd0c6e813b57849e8f841e04cfef8596029a2ff8bbd36ebc98b5551df8333b1060c69a9062f2b98fad226f4491f5b0a1327f528959738d5ab816c7ddd58c0300370ec9139ff97f586a08b73b00"/244]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, "1047c359a4f1acb11cad4ebfd27f6921c592f1"}) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) mknodat$loop(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x4, 0x1) openat(0xffffffffffffffff, 0x0, 0x101080, 0x100) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, 
&(0x7f0000000180)=""/16, 0x10, 0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000600)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000580)="8a145cdc040d0a4ac50c37bace22fc092b248ee0e334529d007e2c451fd12932d86b78630671286a05ead28b26813d5711b3d991f9a23498d1608d23073efef183d1651ce1f1a134ab578c49191061", 0x4f}, 0x68) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 14:46:08 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e}) stat(&(0x7f0000006500)='./file0\x00', &(0x7f0000006540)) 14:46:08 executing program 5: sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f00000018c0)=""/158) 14:46:08 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4c0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000100), 0x12) write(r0, &(0x7f00000003c0)="d96d36cd6e2cbc49977f0555ceea6d0e413bc7bfb30c43d84df12bc7cb270341400f5d56a34688aa5f4c5a78ea08a3b8a7ec3ec7670a1ff84c2c3d5b81669773fafe6dec5726662ebacd6e2bd380e83578ed3603a1cef253f3a66a2d2ce37227e0a680a7e8885779eabf9af1050cd8a4baf9ede0cc5193e5e17c760eaafab860e5c1fa7fa007423517830f91640637bd0ef414721346e53332f233cced301c705739492fee1111d2843400e1f78e0f3eeee083351d899a38c83bfb0167dd9964d22b43fae90dc4d3a960ff8c9ab074a2c01ab0c81a", 0xd5) io_submit(0x0, 0x1, &(0x7f00000005c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)=')', 0x1}]) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="200000001d0001000000000400000000040000000c000c83efc675a640adddb4557ac9"], 0x20}], 0x1}, 0x0) [ 68.270276] audit: type=1400 audit(1663598768.871:6): avc: denied { execmem } for pid=287 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 69.593058] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.596049] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.597337] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.598987] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.600244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.601844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.602948] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.603986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.605066] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.606093] Bluetooth: hci1: unexpected cc 
0x1003 length: 249 > 9 [ 69.607858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.608969] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.610211] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.611235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.612239] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.619679] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.620901] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.622247] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.623990] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.625015] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.627389] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.630024] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.631272] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 69.632330] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.633456] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.635252] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.636324] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.637779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.638790] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.639850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.646020] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.651105] Bluetooth: hci0: HCI_REQ-0x0c1a [ 69.655603] Bluetooth: hci5: HCI_REQ-0x0c1a [ 69.656393] Bluetooth: hci2: HCI_REQ-0x0c1a [ 69.660166] Bluetooth: hci1: HCI_REQ-0x0c1a [ 69.700791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.702805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.704184] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.708227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.710130] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.711661] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 
69.716032] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.734323] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.736417] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.736479] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.740149] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.740212] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.743295] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.750746] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.752743] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.754504] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 69.759813] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.766812] Bluetooth: hci7: HCI_REQ-0x0c1a [ 69.775283] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.777174] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.785693] Bluetooth: hci6: HCI_REQ-0x0c1a [ 71.695612] Bluetooth: hci4: command 0x0409 tx timeout [ 71.696777] Bluetooth: hci2: command 0x0409 tx timeout [ 71.697505] Bluetooth: hci0: command 0x0409 tx timeout [ 71.698426] Bluetooth: hci1: command 0x0409 tx timeout [ 71.699132] Bluetooth: hci5: command 0x0409 tx timeout [ 71.758898] Bluetooth: hci3: command 0x0409 tx timeout [ 71.822680] Bluetooth: hci7: command 0x0409 tx timeout [ 71.822694] Bluetooth: hci6: command 0x0409 tx timeout [ 73.742955] Bluetooth: hci5: command 0x041b tx timeout [ 73.743671] Bluetooth: hci1: command 0x041b tx timeout [ 73.744297] Bluetooth: hci0: command 0x041b tx timeout [ 73.746739] Bluetooth: hci2: command 0x041b tx timeout [ 73.747377] Bluetooth: hci4: command 0x041b tx timeout [ 73.806621] Bluetooth: hci3: command 0x041b tx timeout [ 73.870587] Bluetooth: hci6: command 0x041b tx timeout [ 73.871159] Bluetooth: hci7: command 0x041b tx timeout [ 75.791064] Bluetooth: hci4: command 0x040f tx timeout [ 75.792816] Bluetooth: hci2: command 0x040f tx timeout [ 75.793271] Bluetooth: hci0: command 0x040f tx 
timeout [ 75.794685] Bluetooth: hci1: command 0x040f tx timeout [ 75.795125] Bluetooth: hci5: command 0x040f tx timeout [ 75.854632] Bluetooth: hci3: command 0x040f tx timeout [ 75.918665] Bluetooth: hci7: command 0x040f tx timeout [ 75.919401] Bluetooth: hci6: command 0x040f tx timeout [ 77.838693] Bluetooth: hci5: command 0x0419 tx timeout [ 77.839249] Bluetooth: hci1: command 0x0419 tx timeout [ 77.840733] Bluetooth: hci0: command 0x0419 tx timeout [ 77.841156] Bluetooth: hci2: command 0x0419 tx timeout [ 77.842329] Bluetooth: hci4: command 0x0419 tx timeout [ 77.902590] Bluetooth: hci3: command 0x0419 tx timeout [ 77.966686] Bluetooth: hci6: command 0x0419 tx timeout [ 77.967206] Bluetooth: hci7: command 0x0419 tx timeout 14:47:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="fd", 0x1, r0) r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @pin_code_reply={{0x40d, 0x17}, {@none, 0x0, 
"267fb66ad5d9d436633c57535ea853c1"}}}, 0x1b) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @pin_code_reply={{0x40d, 0x17}, {@none, 0x0, "267fb66ad5d9d436633c57535ea853c1"}}}, 0x1b) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r1, &(0x7f0000000300)=""/4096, 0x1000) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x4000000000000000, 0x0, 0x0, 0x0, 0x0) [ 126.968320] audit: type=1400 audit(1663598827.569:7): avc: denied { open } for pid=3807 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.969925] audit: type=1400 audit(1663598827.569:8): avc: denied { kernel } for pid=3807 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.983048] ------------[ cut here ]------------ [ 126.983068] [ 126.983071] ====================================================== [ 126.983075] WARNING: possible circular locking dependency detected [ 126.983079] 6.0.0-rc6-next-20220919 #1 Not tainted [ 126.983085] ------------------------------------------------------ [ 126.983089] syz-executor.4/3809 is trying to acquire lock: [ 126.983095] ffffffff853fa838 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 126.983130] [ 126.983130] but task is already holding lock: [ 126.983133] ffff88800eee4820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 126.983160] [ 126.983160] which lock already depends on the new lock. 
[ 126.983160] [ 126.983163] [ 126.983163] the existing dependency chain (in reverse order) is: [ 126.983166] [ 126.983166] -> #3 (&ctx->lock){....}-{2:2}: [ 126.983180] _raw_spin_lock+0x2a/0x40 [ 126.983197] __perf_event_task_sched_out+0x53b/0x18d0 [ 126.983209] __schedule+0xedd/0x2470 [ 126.983219] schedule+0xda/0x1b0 [ 126.983229] futex_wait_queue+0xf5/0x1e0 [ 126.983240] futex_wait+0x28e/0x690 [ 126.983250] do_futex+0x2ff/0x380 [ 126.983267] __x64_sys_futex+0x1c6/0x4d0 [ 126.983276] do_syscall_64+0x3b/0x90 [ 126.983290] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.983307] [ 126.983307] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 126.983321] _raw_spin_lock_nested+0x30/0x40 [ 126.983335] raw_spin_rq_lock_nested+0x1e/0x30 [ 126.983351] task_fork_fair+0x63/0x4d0 [ 126.983374] sched_cgroup_fork+0x3d0/0x540 [ 126.983389] copy_process+0x4183/0x6e20 [ 126.983399] kernel_clone+0xe7/0x890 [ 126.983409] user_mode_thread+0xad/0xf0 [ 126.983419] rest_init+0x24/0x250 [ 126.983437] arch_call_rest_init+0xf/0x14 [ 126.983451] start_kernel+0x4c1/0x4e6 [ 126.983462] secondary_startup_64_no_verify+0xe0/0xeb [ 126.983476] [ 126.983476] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 126.983490] _raw_spin_lock_irqsave+0x39/0x60 [ 126.983505] try_to_wake_up+0xab/0x1920 [ 126.983518] up+0x75/0xb0 [ 126.983531] __up_console_sem+0x6e/0x80 [ 126.983547] console_unlock+0x46a/0x590 [ 126.983562] vt_ioctl+0x2822/0x2ca0 [ 126.983575] tty_ioctl+0x7c4/0x1700 [ 126.983586] __x64_sys_ioctl+0x19a/0x210 [ 126.983601] do_syscall_64+0x3b/0x90 [ 126.983614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.983630] [ 126.983630] -> #0 ((console_sem).lock){....}-{2:2}: [ 126.983644] __lock_acquire+0x2a02/0x5e70 [ 126.983660] lock_acquire+0x1a2/0x530 [ 126.983677] _raw_spin_lock_irqsave+0x39/0x60 [ 126.983692] down_trylock+0xe/0x70 [ 126.983704] __down_trylock_console_sem+0x3b/0xd0 [ 126.983720] vprintk_emit+0x16b/0x560 [ 126.983736] vprintk+0x84/0xa0 [ 126.983751] _printk+0xba/0xf1 [ 126.983769] report_bug.cold+0x72/0xab [ 
126.983781] handle_bug+0x3c/0x70 [ 126.983793] exc_invalid_op+0x14/0x50 [ 126.983806] asm_exc_invalid_op+0x16/0x20 [ 126.983822] group_sched_out.part.0+0x2c7/0x460 [ 126.983832] ctx_sched_out+0x8f1/0xc10 [ 126.983842] __perf_event_task_sched_out+0x6d0/0x18d0 [ 126.983854] __schedule+0xedd/0x2470 [ 126.983863] schedule+0xda/0x1b0 [ 126.983873] futex_wait_queue+0xf5/0x1e0 [ 126.983883] futex_wait+0x28e/0x690 [ 126.983893] do_futex+0x2ff/0x380 [ 126.983909] __x64_sys_futex+0x1c6/0x4d0 [ 126.983919] do_syscall_64+0x3b/0x90 [ 126.983931] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.983948] [ 126.983948] other info that might help us debug this: [ 126.983948] [ 126.983950] Chain exists of: [ 126.983950] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 126.983950] [ 126.983965] Possible unsafe locking scenario: [ 126.983965] [ 126.983968] CPU0 CPU1 [ 126.983970] ---- ---- [ 126.983972] lock(&ctx->lock); [ 126.983978] lock(&rq->__lock); [ 126.983984] lock(&ctx->lock); [ 126.983990] lock((console_sem).lock); [ 126.983996] [ 126.983996] *** DEADLOCK *** [ 126.983996] [ 126.983998] 2 locks held by syz-executor.4/3809: [ 126.984005] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 126.984031] #1: ffff88800eee4820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 126.984058] [ 126.984058] stack backtrace: [ 126.984061] CPU: 1 PID: 3809 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220919 #1 [ 126.984073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 126.984082] Call Trace: [ 126.984085] [ 126.984089] dump_stack_lvl+0x8b/0xb3 [ 126.984104] check_noncircular+0x263/0x2e0 [ 126.984120] ? format_decode+0x26c/0xb50 [ 126.984135] ? print_circular_bug+0x450/0x450 [ 126.984152] ? enable_ptr_key_workfn+0x20/0x20 [ 126.984167] ? format_decode+0x26c/0xb50 [ 126.984182] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 126.984200] __lock_acquire+0x2a02/0x5e70 [ 126.984221] ? 
lockdep_hardirqs_on_prepare+0x410/0x410
[ 126.984243] lock_acquire+0x1a2/0x530
[ 126.984259] ? down_trylock+0xe/0x70
[ 126.984273] ? lock_release+0x750/0x750
[ 126.984293] ? vprintk+0x84/0xa0
[ 126.984311] _raw_spin_lock_irqsave+0x39/0x60
[ 126.984326] ? down_trylock+0xe/0x70
[ 126.984339] down_trylock+0xe/0x70
[ 126.984357] ? vprintk+0x84/0xa0
[ 126.984379] __down_trylock_console_sem+0x3b/0xd0
[ 126.984396] vprintk_emit+0x16b/0x560
[ 126.984415] vprintk+0x84/0xa0
[ 126.984432] _printk+0xba/0xf1
[ 126.984449] ? record_print_text.cold+0x16/0x16
[ 126.984471] ? report_bug.cold+0x66/0xab
[ 126.984485] ? group_sched_out.part.0+0x2c7/0x460
[ 126.984496] report_bug.cold+0x72/0xab
[ 126.984511] handle_bug+0x3c/0x70
[ 126.984525] exc_invalid_op+0x14/0x50
[ 126.984540] asm_exc_invalid_op+0x16/0x20
[ 126.984557] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 126.984570] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d 5b 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 126.984582] RSP: 0018:ffff88800ed4f8f8 EFLAGS: 00010006
[ 126.984591] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 126.984599] RDX: ffff888017405040 RSI: ffffffff81566077 RDI: 0000000000000005
[ 126.984607] RBP: ffff88803fc80000 R08: 0000000000000005 R09: 0000000000000001
[ 126.984615] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88800eee4800
[ 126.984622] R13: ffff88806cf3d140 R14: ffffffff8547c620 R15: 0000000000000002
[ 126.984634] ? group_sched_out.part.0+0x2c7/0x460
[ 126.984647] ? group_sched_out.part.0+0x2c7/0x460
[ 126.984659] ctx_sched_out+0x8f1/0xc10
[ 126.984672] __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.984687] ? lock_is_held_type+0xd7/0x130
[ 126.984705] ? __perf_cgroup_move+0x160/0x160
[ 126.984717] ? set_next_entity+0x304/0x550
[ 126.984736] ? lock_is_held_type+0xd7/0x130
[ 126.984755] __schedule+0xedd/0x2470
[ 126.984768] ? io_schedule_timeout+0x150/0x150
[ 126.984780] ? futex_wait_setup+0x166/0x230
[ 126.984794] schedule+0xda/0x1b0
[ 126.984805] futex_wait_queue+0xf5/0x1e0
[ 126.984817] futex_wait+0x28e/0x690
[ 126.984829] ? futex_wait_setup+0x230/0x230
[ 126.984842] ? wake_up_q+0x8b/0xf0
[ 126.984855] ? do_raw_spin_unlock+0x4f/0x220
[ 126.984874] ? futex_wake+0x158/0x490
[ 126.984889] ? fd_install+0x1f9/0x640
[ 126.984905] do_futex+0x2ff/0x380
[ 126.984924] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 126.984948] __x64_sys_futex+0x1c6/0x4d0
[ 126.984960] ? __x64_sys_futex_time32+0x480/0x480
[ 126.984973] ? syscall_enter_from_user_mode+0x1d/0x50
[ 126.984991] ? syscall_enter_from_user_mode+0x1d/0x50
[ 126.985011] do_syscall_64+0x3b/0x90
[ 126.985025] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.985042] RIP: 0033:0x7feb6de6cb19
[ 126.985051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 126.985062] RSP: 002b:00007feb6b3e2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.985073] RAX: ffffffffffffffda RBX: 00007feb6df7ff68 RCX: 00007feb6de6cb19
[ 126.985081] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feb6df7ff68
[ 126.985088] RBP: 00007feb6df7ff60 R08: 0000000000000000 R09: 0000000000000000
[ 126.985095] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb6df7ff6c
[ 126.985103] R13: 00007ffe6000f7df R14: 00007feb6b3e2300 R15: 0000000000022000
[ 126.985115]
[ 127.045832] WARNING: CPU: 1 PID: 3809 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 127.046545] Modules linked in:
[ 127.046793] CPU: 1 PID: 3809 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220919 #1
[ 127.047391] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 127.048200] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 127.048611] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d 5b 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 127.049939] RSP: 0018:ffff88800ed4f8f8 EFLAGS: 00010006
[ 127.050342] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 127.050878] RDX: ffff888017405040 RSI: ffffffff81566077 RDI: 0000000000000005
[ 127.051406] RBP: ffff88803fc80000 R08: 0000000000000005 R09: 0000000000000001
[ 127.051939] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88800eee4800
[ 127.052477] R13: ffff88806cf3d140 R14: ffffffff8547c620 R15: 0000000000000002
[ 127.053013] FS: 00007feb6b3e2700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 127.053616] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.054047] CR2: 00007fa060606260 CR3: 0000000040424000 CR4: 0000000000350ee0
[ 127.054625] Call Trace:
[ 127.054818]
[ 127.054995] ctx_sched_out+0x8f1/0xc10
[ 127.055287] __perf_event_task_sched_out+0x6d0/0x18d0
[ 127.055688] ? lock_is_held_type+0xd7/0x130
[ 127.056019] ? __perf_cgroup_move+0x160/0x160
[ 127.056360] ? set_next_entity+0x304/0x550
[ 127.056689] ? lock_is_held_type+0xd7/0x130
[ 127.057018] __schedule+0xedd/0x2470
[ 127.057306] ? io_schedule_timeout+0x150/0x150
[ 127.057667] ? futex_wait_setup+0x166/0x230
[ 127.057990] schedule+0xda/0x1b0
[ 127.058258] futex_wait_queue+0xf5/0x1e0
[ 127.058571] futex_wait+0x28e/0x690
[ 127.058845] ? futex_wait_setup+0x230/0x230
[ 127.059169] ? wake_up_q+0x8b/0xf0
[ 127.059453] ? do_raw_spin_unlock+0x4f/0x220
[ 127.059799] ? futex_wake+0x158/0x490
[ 127.060086] ? fd_install+0x1f9/0x640
[ 127.060384] do_futex+0x2ff/0x380
[ 127.060660] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 127.061097] __x64_sys_futex+0x1c6/0x4d0
[ 127.061416] ? __x64_sys_futex_time32+0x480/0x480
[ 127.061774] ? syscall_enter_from_user_mode+0x1d/0x50
[ 127.062159] ? syscall_enter_from_user_mode+0x1d/0x50
[ 127.062575] do_syscall_64+0x3b/0x90
[ 127.062867] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.063264] RIP: 0033:0x7feb6de6cb19
[ 127.063566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.064912] RSP: 002b:00007feb6b3e2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.065475] RAX: ffffffffffffffda RBX: 00007feb6df7ff68 RCX: 00007feb6de6cb19
[ 127.066002] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feb6df7ff68
[ 127.066541] RBP: 00007feb6df7ff60 R08: 0000000000000000 R09: 0000000000000000
[ 127.067066] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb6df7ff6c
[ 127.067607] R13: 00007ffe6000f7df R14: 00007feb6b3e2300 R15: 0000000000022000
[ 127.068144]
[ 127.068324] irq event stamp: 918
[ 127.068586] hardirqs last enabled at (917): [] syscall_enter_from_user_mode+0x1d/0x50
[ 127.069284] hardirqs last disabled at (918): [] __schedule+0x1225/0x2470
[ 127.069893] softirqs last enabled at (640): [] __irq_exit_rcu+0x11b/0x180
[ 127.070564] softirqs last disabled at (627): [] __irq_exit_rcu+0x11b/0x180
[ 127.071192] ---[ end trace 0000000000000000 ]---
14:47:07 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="fd", 0x1, r0)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @pin_code_reply={{0x40d, 0x17}, {@none, 0x0, "267fb66ad5d9d436633c57535ea853c1"}}}, 0x1b)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @pin_code_reply={{0x40d, 0x17}, {@none, 0x0, "267fb66ad5d9d436633c57535ea853c1"}}}, 0x1b)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r1, &(0x7f0000000300)=""/4096, 0x1000)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x4000000000000000, 0x0, 0x0, 0x0, 0x0)
14:47:08 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="fd", 0x1, r0)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @pin_code_reply={{0x40d, 0x17}, {@none, 0x0, "267fb66ad5d9d436633c57535ea853c1"}}}, 0x1b)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @pin_code_reply={{0x40d, 0x17}, {@none, 0x0, "267fb66ad5d9d436633c57535ea853c1"}}}, 0x1b)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r1, &(0x7f0000000300)=""/4096, 0x1000)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x4000000000000000, 0x0, 0x0, 0x0, 0x0)
[ 127.478548] hrtimer: interrupt took 19346 ns
[ 128.664814] syz-executor.7 (299) used greatest stack depth: 24640 bytes left
[ 131.041757] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 131.043009] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 131.044604] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 131.046471] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 131.048056] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 131.049304] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 131.053341] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 131.090863] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 131.092150] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 131.093480] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 131.095860] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 131.097407] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 131.098883] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[
131.102484] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 133.070571] Bluetooth: hci3: command 0x0409 tx timeout
[ 133.070592] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 133.134562] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 133.135276] Bluetooth: hci5: command 0x0409 tx timeout
[ 133.199555] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 135.118561] Bluetooth: hci3: command 0x041b tx timeout
[ 135.182580] Bluetooth: hci5: command 0x041b tx timeout
VM DIAGNOSIS:
14:47:07 Registers: