Warning: Permanently added '[localhost]:64147' (ECDSA) to the list of known hosts. 2022/09/28 04:01:12 fuzzer started 2022/09/28 04:01:12 dialing manager at localhost:35827 syzkaller login: [ 45.615523] cgroup: Unknown subsys name 'net' [ 45.712963] cgroup: Unknown subsys name 'rlimit' 2022/09/28 04:01:27 syscalls: 2215 2022/09/28 04:01:27 code coverage: enabled 2022/09/28 04:01:27 comparison tracing: enabled 2022/09/28 04:01:27 extra coverage: enabled 2022/09/28 04:01:27 setuid sandbox: enabled 2022/09/28 04:01:27 namespace sandbox: enabled 2022/09/28 04:01:27 Android sandbox: enabled 2022/09/28 04:01:27 fault injection: enabled 2022/09/28 04:01:27 leak checking: enabled 2022/09/28 04:01:27 net packet injection: enabled 2022/09/28 04:01:27 net device setup: enabled 2022/09/28 04:01:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/28 04:01:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/28 04:01:27 USB emulation: enabled 2022/09/28 04:01:27 hci packet injection: enabled 2022/09/28 04:01:27 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220927) 2022/09/28 04:01:27 802.15.4 emulation: enabled 2022/09/28 04:01:27 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/28 04:01:28 fetching corpus: 50, signal 30176/33577 (executing program) 2022/09/28 04:01:28 fetching corpus: 100, signal 39870/44746 (executing program) 2022/09/28 04:01:28 fetching corpus: 150, signal 46199/52468 (executing program) 2022/09/28 04:01:28 fetching corpus: 200, signal 55371/62791 (executing program) 2022/09/28 04:01:28 fetching corpus: 250, signal 60123/68750 (executing program) 2022/09/28 04:01:28 fetching corpus: 300, signal 64015/73790 (executing program) 2022/09/28 04:01:28 fetching corpus: 350, signal 68713/79492 (executing program) 2022/09/28 04:01:28 fetching corpus: 400, signal 72615/84393 (executing program) 2022/09/28 04:01:28 fetching corpus: 450, signal 75805/88596 (executing program) 2022/09/28 
04:01:28 fetching corpus: 500, signal 79285/92969 (executing program) 2022/09/28 04:01:29 fetching corpus: 550, signal 83228/97736 (executing program) 2022/09/28 04:01:29 fetching corpus: 600, signal 85557/100998 (executing program) 2022/09/28 04:01:29 fetching corpus: 650, signal 88283/104558 (executing program) 2022/09/28 04:01:29 fetching corpus: 700, signal 89889/107010 (executing program) 2022/09/28 04:01:29 fetching corpus: 750, signal 92094/110015 (executing program) 2022/09/28 04:01:29 fetching corpus: 800, signal 94003/112735 (executing program) 2022/09/28 04:01:29 fetching corpus: 850, signal 97100/116437 (executing program) 2022/09/28 04:01:29 fetching corpus: 900, signal 99190/119311 (executing program) 2022/09/28 04:01:29 fetching corpus: 950, signal 101093/121892 (executing program) 2022/09/28 04:01:30 fetching corpus: 1000, signal 103787/125076 (executing program) 2022/09/28 04:01:30 fetching corpus: 1050, signal 106807/128476 (executing program) 2022/09/28 04:01:30 fetching corpus: 1100, signal 109133/131248 (executing program) 2022/09/28 04:01:30 fetching corpus: 1149, signal 110836/133518 (executing program) 2022/09/28 04:01:30 fetching corpus: 1199, signal 114755/137442 (executing program) 2022/09/28 04:01:30 fetching corpus: 1249, signal 116894/139986 (executing program) 2022/09/28 04:01:30 fetching corpus: 1299, signal 118900/142368 (executing program) 2022/09/28 04:01:31 fetching corpus: 1349, signal 121618/145223 (executing program) 2022/09/28 04:01:31 fetching corpus: 1399, signal 122762/146890 (executing program) 2022/09/28 04:01:31 fetching corpus: 1449, signal 125066/149373 (executing program) 2022/09/28 04:01:31 fetching corpus: 1499, signal 126592/151257 (executing program) 2022/09/28 04:01:31 fetching corpus: 1549, signal 127943/152966 (executing program) 2022/09/28 04:01:31 fetching corpus: 1599, signal 129954/155133 (executing program) 2022/09/28 04:01:31 fetching corpus: 1649, signal 131702/157123 (executing program) 2022/09/28 
04:01:31 fetching corpus: 1699, signal 132911/158663 (executing program) 2022/09/28 04:01:31 fetching corpus: 1749, signal 134781/160580 (executing program) 2022/09/28 04:01:32 fetching corpus: 1799, signal 136071/162196 (executing program) 2022/09/28 04:01:32 fetching corpus: 1849, signal 136974/163521 (executing program) 2022/09/28 04:01:32 fetching corpus: 1899, signal 139023/165469 (executing program) 2022/09/28 04:01:32 fetching corpus: 1949, signal 139962/166737 (executing program) 2022/09/28 04:01:32 fetching corpus: 1999, signal 141386/168227 (executing program) 2022/09/28 04:01:32 fetching corpus: 2049, signal 143217/169969 (executing program) 2022/09/28 04:01:32 fetching corpus: 2099, signal 145222/171804 (executing program) 2022/09/28 04:01:32 fetching corpus: 2149, signal 146566/173210 (executing program) 2022/09/28 04:01:33 fetching corpus: 2199, signal 148508/174839 (executing program) 2022/09/28 04:01:33 fetching corpus: 2249, signal 149588/176028 (executing program) 2022/09/28 04:01:33 fetching corpus: 2299, signal 151281/177485 (executing program) 2022/09/28 04:01:33 fetching corpus: 2349, signal 152673/178791 (executing program) 2022/09/28 04:01:33 fetching corpus: 2399, signal 153707/179871 (executing program) 2022/09/28 04:01:33 fetching corpus: 2449, signal 155238/181128 (executing program) 2022/09/28 04:01:33 fetching corpus: 2499, signal 155727/181901 (executing program) 2022/09/28 04:01:33 fetching corpus: 2549, signal 156858/182990 (executing program) 2022/09/28 04:01:34 fetching corpus: 2599, signal 157770/183986 (executing program) 2022/09/28 04:01:34 fetching corpus: 2649, signal 158836/184995 (executing program) 2022/09/28 04:01:34 fetching corpus: 2697, signal 159667/185881 (executing program) 2022/09/28 04:01:34 fetching corpus: 2746, signal 160529/186729 (executing program) 2022/09/28 04:01:34 fetching corpus: 2796, signal 161280/187531 (executing program) 2022/09/28 04:01:34 fetching corpus: 2844, signal 161994/188312 (executing 
program) 2022/09/28 04:01:34 fetching corpus: 2894, signal 162733/189103 (executing program) 2022/09/28 04:01:34 fetching corpus: 2943, signal 163402/189854 (executing program) 2022/09/28 04:01:35 fetching corpus: 2993, signal 164117/190573 (executing program) 2022/09/28 04:01:35 fetching corpus: 3043, signal 165310/191479 (executing program) 2022/09/28 04:01:35 fetching corpus: 3093, signal 166229/192233 (executing program) 2022/09/28 04:01:35 fetching corpus: 3143, signal 166915/193046 (executing program) 2022/09/28 04:01:35 fetching corpus: 3192, signal 167663/193760 (executing program) 2022/09/28 04:01:35 fetching corpus: 3239, signal 168443/194423 (executing program) 2022/09/28 04:01:35 fetching corpus: 3288, signal 169014/195022 (executing program) 2022/09/28 04:01:35 fetching corpus: 3337, signal 170134/195866 (executing program) 2022/09/28 04:01:35 fetching corpus: 3387, signal 170753/196511 (executing program) 2022/09/28 04:01:35 fetching corpus: 3437, signal 171174/197010 (executing program) 2022/09/28 04:01:35 fetching corpus: 3487, signal 171653/197526 (executing program) 2022/09/28 04:01:36 fetching corpus: 3536, signal 172750/198185 (executing program) 2022/09/28 04:01:36 fetching corpus: 3586, signal 173676/198806 (executing program) 2022/09/28 04:01:36 fetching corpus: 3636, signal 174603/199402 (executing program) 2022/09/28 04:01:36 fetching corpus: 3686, signal 175408/199964 (executing program) 2022/09/28 04:01:36 fetching corpus: 3736, signal 176114/200435 (executing program) 2022/09/28 04:01:36 fetching corpus: 3786, signal 176804/200960 (executing program) 2022/09/28 04:01:36 fetching corpus: 3835, signal 177816/201629 (executing program) 2022/09/28 04:01:36 fetching corpus: 3885, signal 178900/202204 (executing program) 2022/09/28 04:01:37 fetching corpus: 3935, signal 179795/202743 (executing program) 2022/09/28 04:01:37 fetching corpus: 3985, signal 180376/203181 (executing program) 2022/09/28 04:01:37 fetching corpus: 4033, signal 
181037/203601 (executing program) 2022/09/28 04:01:37 fetching corpus: 4083, signal 182408/204155 (executing program) 2022/09/28 04:01:37 fetching corpus: 4132, signal 184863/204900 (executing program) 2022/09/28 04:01:37 fetching corpus: 4181, signal 185650/205265 (executing program) 2022/09/28 04:01:37 fetching corpus: 4231, signal 186451/205635 (executing program) 2022/09/28 04:01:37 fetching corpus: 4280, signal 186868/205911 (executing program) 2022/09/28 04:01:38 fetching corpus: 4329, signal 187335/206233 (executing program) 2022/09/28 04:01:38 fetching corpus: 4378, signal 188197/206574 (executing program) 2022/09/28 04:01:38 fetching corpus: 4426, signal 188683/206832 (executing program) 2022/09/28 04:01:38 fetching corpus: 4476, signal 189397/207097 (executing program) 2022/09/28 04:01:38 fetching corpus: 4523, signal 190678/207432 (executing program) 2022/09/28 04:01:38 fetching corpus: 4573, signal 191675/207750 (executing program) 2022/09/28 04:01:38 fetching corpus: 4622, signal 192505/208008 (executing program) 2022/09/28 04:01:38 fetching corpus: 4671, signal 193712/208266 (executing program) 2022/09/28 04:01:39 fetching corpus: 4720, signal 195351/208524 (executing program) 2022/09/28 04:01:39 fetching corpus: 4770, signal 195739/208689 (executing program) 2022/09/28 04:01:39 fetching corpus: 4819, signal 196221/208850 (executing program) 2022/09/28 04:01:39 fetching corpus: 4867, signal 197066/209018 (executing program) 2022/09/28 04:01:39 fetching corpus: 4917, signal 197918/209273 (executing program) 2022/09/28 04:01:39 fetching corpus: 4967, signal 198431/209401 (executing program) 2022/09/28 04:01:39 fetching corpus: 5017, signal 199803/209532 (executing program) 2022/09/28 04:01:39 fetching corpus: 5067, signal 200608/209627 (executing program) 2022/09/28 04:01:40 fetching corpus: 5117, signal 200922/209686 (executing program) 2022/09/28 04:01:40 fetching corpus: 5167, signal 201270/209693 (executing program) 2022/09/28 04:01:40 fetching 
corpus: 5216, signal 202058/209695 (executing program) 2022/09/28 04:01:40 fetching corpus: 5265, signal 202683/209700 (executing program) 2022/09/28 04:01:40 fetching corpus: 5314, signal 203429/209700 (executing program) 2022/09/28 04:01:40 fetching corpus: 5333, signal 203723/209700 (executing program) 2022/09/28 04:01:40 fetching corpus: 5334, signal 203728/209700 (executing program) 2022/09/28 04:01:40 fetching corpus: 5334, signal 203728/209700 (executing program) 2022/09/28 04:01:42 starting 8 fuzzer processes 04:01:42 executing program 0: r0 = epoll_create(0x4) r1 = epoll_create(0x87f9) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) r2 = epoll_create(0x80) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000080)) 04:01:42 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) close(r0) 04:01:42 executing program 2: syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000001dc0)=[{0x0}], 0x0, 0x0) [ 74.066735] audit: type=1400 audit(1664337702.894:6): avc: denied { execmem } for pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 04:01:42 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) 
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x80, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001d0001"], 0x1c}}, 0x0) 04:01:42 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={[{@nr_blocks={'nr_blocks', 0x3d, [0x30, 0x0]}}]}) mknodat$loop(r0, &(0x7f0000000540)='./file0\x00', 0xc000, 0x1) 04:01:42 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000500)={0x0, 0x0, 0x3, 0x1d, 0x15c, &(0x7f0000000100)="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"}) 04:01:42 executing program 6: ioctl$HIDIOCGNAME(0xffffffffffffffff, 0x80404806, 0x0) 04:01:42 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)={0x14, 0x66, 0xe21, 0x0, 0x0, "", [@generic="8e"]}, 0x14}], 0x1}, 0x0) [ 75.314016] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.315724] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.318261] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.319388] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.321043] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.322343] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.326400] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.328802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.330164] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 75.331692] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.337450] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.338405] 
Bluetooth: hci1: HCI_REQ-0x0c1a [ 75.342073] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.371226] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.373385] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.378979] Bluetooth: hci0: HCI_REQ-0x0c1a [ 75.394246] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.394292] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.399214] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.399229] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.404392] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 75.406824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.408258] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.408393] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 75.411692] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 75.414176] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.416814] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.418185] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.424889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.426320] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 75.429337] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 75.430796] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 75.432091] Bluetooth: hci2: HCI_REQ-0x0c1a [ 75.441007] Bluetooth: hci3: HCI_REQ-0x0c1a [ 75.456669] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.458394] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 75.465152] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 75.466245] Bluetooth: hci6: HCI_REQ-0x0c1a [ 75.466445] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.483781] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.486137] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 75.487569] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.490439] Bluetooth: hci4: unexpected cc 
0x0c23 length: 249 > 4 [ 75.492320] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 75.494237] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 75.495511] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 75.497044] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.500253] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.501738] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.503345] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.510823] Bluetooth: hci4: HCI_REQ-0x0c1a [ 75.512183] Bluetooth: hci5: HCI_REQ-0x0c1a [ 75.513122] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.517829] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 75.520205] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.530690] Bluetooth: hci7: HCI_REQ-0x0c1a [ 77.395326] Bluetooth: hci0: command 0x0409 tx timeout [ 77.396302] Bluetooth: hci1: command 0x0409 tx timeout [ 77.457945] Bluetooth: hci2: command 0x0409 tx timeout [ 77.459006] Bluetooth: hci3: command 0x0409 tx timeout [ 77.521939] Bluetooth: hci6: command 0x0409 tx timeout [ 77.522967] Bluetooth: hci5: command 0x0409 tx timeout [ 77.523509] Bluetooth: hci4: command 0x0409 tx timeout [ 77.585904] Bluetooth: hci7: command 0x0409 tx timeout [ 79.442983] Bluetooth: hci1: command 0x041b tx timeout [ 79.443590] Bluetooth: hci0: command 0x041b tx timeout [ 79.506957] Bluetooth: hci3: command 0x041b tx timeout [ 79.507556] Bluetooth: hci2: command 0x041b tx timeout [ 79.570981] Bluetooth: hci4: command 0x041b tx timeout [ 79.571588] Bluetooth: hci5: command 0x041b tx timeout [ 79.572188] Bluetooth: hci6: command 0x041b tx timeout [ 79.635018] Bluetooth: hci7: command 0x041b tx timeout [ 81.491027] Bluetooth: hci0: command 0x040f tx timeout [ 81.491797] Bluetooth: hci1: command 0x040f tx timeout [ 81.553947] Bluetooth: hci2: command 0x040f tx timeout [ 81.554710] Bluetooth: hci3: command 0x040f tx timeout [ 81.617996] Bluetooth: hci6: command 0x040f tx 
timeout [ 81.618736] Bluetooth: hci5: command 0x040f tx timeout [ 81.619525] Bluetooth: hci4: command 0x040f tx timeout [ 81.683206] Bluetooth: hci7: command 0x040f tx timeout [ 83.539005] Bluetooth: hci1: command 0x0419 tx timeout [ 83.539485] Bluetooth: hci0: command 0x0419 tx timeout [ 83.602982] Bluetooth: hci3: command 0x0419 tx timeout [ 83.603409] Bluetooth: hci2: command 0x0419 tx timeout [ 83.666969] Bluetooth: hci4: command 0x0419 tx timeout [ 83.667391] Bluetooth: hci5: command 0x0419 tx timeout [ 83.667800] Bluetooth: hci6: command 0x0419 tx timeout [ 83.730883] Bluetooth: hci7: command 0x0419 tx timeout 04:02:41 executing program 5: keyctl$reject(0x13, 0x0, 0x0, 0x204, 0x0) 04:02:41 executing program 5: prctl$PR_GET_TIMERSLACK(0x1e) 04:02:41 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000001680)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000002100), r0) 04:02:42 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000300)=""/136, 0x88}], 0x1) [ 133.376246] audit: type=1400 audit(1664337762.205:7): avc: denied { open } for pid=3848 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 133.378747] audit: type=1400 audit(1664337762.206:8): avc: denied { kernel } for pid=3848 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 133.423544] audit: type=1400 audit(1664337762.253:9): avc: denied { read } for pid=3848 
comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 04:02:42 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000300)=""/136, 0x88}], 0x1) [ 133.652155] ------------[ cut here ]------------ [ 133.652198] [ 133.652203] ====================================================== [ 133.652209] WARNING: possible circular locking dependency detected [ 133.652216] 6.0.0-rc7-next-20220927 #1 Not tainted [ 133.652228] ------------------------------------------------------ [ 133.652234] syz-executor.5/3861 is trying to acquire lock: [ 133.652246] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 133.652315] [ 133.652315] but task is already holding lock: [ 133.652320] ffff88800fff7820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 133.652370] [ 133.652370] which lock already depends on the new lock. 
[ 133.652370] [ 133.652376] [ 133.652376] the existing dependency chain (in reverse order) is: [ 133.652382] [ 133.652382] -> #3 (&ctx->lock){....}-{2:2}: [ 133.652407] _raw_spin_lock+0x2a/0x40 [ 133.652430] __perf_event_task_sched_out+0x53b/0x18d0 [ 133.652454] __schedule+0xedd/0x2470 [ 133.652482] schedule+0xda/0x1b0 [ 133.652509] exit_to_user_mode_prepare+0x114/0x1a0 [ 133.652531] syscall_exit_to_user_mode+0x19/0x40 [ 133.652557] do_syscall_64+0x48/0x90 [ 133.652576] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.652602] [ 133.652602] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 133.652627] _raw_spin_lock_nested+0x30/0x40 [ 133.652650] raw_spin_rq_lock_nested+0x1e/0x30 [ 133.652673] task_fork_fair+0x63/0x4d0 [ 133.652702] sched_cgroup_fork+0x3d0/0x540 [ 133.652728] copy_process+0x4183/0x6e20 [ 133.652747] kernel_clone+0xe7/0x890 [ 133.652764] user_mode_thread+0xad/0xf0 [ 133.652783] rest_init+0x24/0x250 [ 133.652808] arch_call_rest_init+0xf/0x14 [ 133.652832] start_kernel+0x4c6/0x4eb [ 133.652858] secondary_startup_64_no_verify+0xe0/0xeb [ 133.652883] [ 133.652883] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 133.652908] _raw_spin_lock_irqsave+0x39/0x60 [ 133.652931] try_to_wake_up+0xab/0x1930 [ 133.652955] up+0x75/0xb0 [ 133.652984] __up_console_sem+0x6e/0x80 [ 133.653012] console_unlock+0x46a/0x590 [ 133.653041] vprintk_emit+0x1bd/0x560 [ 133.653071] vprintk+0x84/0xa0 [ 133.653100] _printk+0xba/0xf1 [ 133.653122] kauditd_hold_skb.cold+0x3f/0x4e [ 133.653141] kauditd_send_queue+0x233/0x290 [ 133.653167] kauditd_thread+0x5da/0x9a0 [ 133.653193] kthread+0x2ed/0x3a0 [ 133.653219] ret_from_fork+0x22/0x30 [ 133.653241] [ 133.653241] -> #0 ((console_sem).lock){....}-{2:2}: [ 133.653266] __lock_acquire+0x2a02/0x5e70 [ 133.653297] lock_acquire+0x1a2/0x530 [ 133.653325] _raw_spin_lock_irqsave+0x39/0x60 [ 133.653348] down_trylock+0xe/0x70 [ 133.653378] __down_trylock_console_sem+0x3b/0xd0 [ 133.653408] vprintk_emit+0x16b/0x560 [ 133.653437] vprintk+0x84/0xa0 [ 133.653466] _printk+0xba/0xf1 
[ 133.653488] report_bug.cold+0x72/0xab [ 133.653506] handle_bug+0x3c/0x70 [ 133.653524] exc_invalid_op+0x14/0x50 [ 133.653543] asm_exc_invalid_op+0x16/0x20 [ 133.653568] group_sched_out.part.0+0x2c7/0x460 [ 133.653588] ctx_sched_out+0x8f1/0xc10 [ 133.653607] __perf_event_task_sched_out+0x6d0/0x18d0 [ 133.653630] __schedule+0xedd/0x2470 [ 133.653658] schedule+0xda/0x1b0 [ 133.653686] futex_wait_queue+0xf5/0x1e0 [ 133.653706] futex_wait+0x28e/0x690 [ 133.653725] do_futex+0x2ff/0x380 [ 133.653742] __x64_sys_futex+0x1c6/0x4d0 [ 133.653761] do_syscall_64+0x3b/0x90 [ 133.653779] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.653805] [ 133.653805] other info that might help us debug this: [ 133.653805] [ 133.653810] Chain exists of: [ 133.653810] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 133.653810] [ 133.653837] Possible unsafe locking scenario: [ 133.653837] [ 133.653841] CPU0 CPU1 [ 133.653846] ---- ---- [ 133.653850] lock(&ctx->lock); [ 133.653860] lock(&rq->__lock); [ 133.653872] lock(&ctx->lock); [ 133.653883] lock((console_sem).lock); [ 133.653894] [ 133.653894] *** DEADLOCK *** [ 133.653894] [ 133.653897] 2 locks held by syz-executor.5/3861: [ 133.653913] #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 133.653971] #1: ffff88800fff7820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 133.654022] [ 133.654022] stack backtrace: [ 133.654028] CPU: 0 PID: 3861 Comm: syz-executor.5 Not tainted 6.0.0-rc7-next-20220927 #1 [ 133.654051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 133.654065] Call Trace: [ 133.654070] [ 133.654078] dump_stack_lvl+0x8b/0xb3 [ 133.654099] check_noncircular+0x263/0x2e0 [ 133.654130] ? format_decode+0x26c/0xb50 [ 133.654162] ? print_circular_bug+0x450/0x450 [ 133.654194] ? enable_ptr_key_workfn+0x20/0x20 [ 133.654228] ? format_decode+0x26c/0xb50 [ 133.654263] ? 
alloc_chain_hlocks+0x1ec/0x5a0 [ 133.654295] __lock_acquire+0x2a02/0x5e70 [ 133.654335] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 133.654377] lock_acquire+0x1a2/0x530 [ 133.654408] ? down_trylock+0xe/0x70 [ 133.654442] ? lock_release+0x750/0x750 [ 133.654477] ? lock_is_held_type+0xd7/0x130 [ 133.654505] ? vprintk+0x84/0xa0 [ 133.654538] _raw_spin_lock_irqsave+0x39/0x60 [ 133.654562] ? down_trylock+0xe/0x70 [ 133.654595] down_trylock+0xe/0x70 [ 133.654627] ? vprintk+0x84/0xa0 [ 133.654658] __down_trylock_console_sem+0x3b/0xd0 [ 133.654689] vprintk_emit+0x16b/0x560 [ 133.654724] vprintk+0x84/0xa0 [ 133.654756] _printk+0xba/0xf1 [ 133.654780] ? record_print_text.cold+0x16/0x16 [ 133.654813] ? report_bug.cold+0x66/0xab [ 133.654834] ? group_sched_out.part.0+0x2c7/0x460 [ 133.654856] report_bug.cold+0x72/0xab [ 133.654879] handle_bug+0x3c/0x70 [ 133.654899] exc_invalid_op+0x14/0x50 [ 133.654921] asm_exc_invalid_op+0x16/0x20 [ 133.654947] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 133.654973] Code: 5e 41 5f e9 ab a9 ef ff e8 a6 a9 ef ff 65 8b 1d 1b 0f ac 7e 31 ff 89 de e8 46 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 89 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 7d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 133.654994] RSP: 0018:ffff88803e9478f8 EFLAGS: 00010006 [ 133.655010] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 133.655024] RDX: ffff8880100eb580 RSI: ffffffff815666b7 RDI: 0000000000000005 [ 133.655038] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 133.655052] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800fff7800 [ 133.655066] R13: ffff88806ce3d140 R14: ffffffff8547cf80 R15: 0000000000000002 [ 133.655086] ? group_sched_out.part.0+0x2c7/0x460 [ 133.655112] ? group_sched_out.part.0+0x2c7/0x460 [ 133.655137] ctx_sched_out+0x8f1/0xc10 [ 133.655161] __perf_event_task_sched_out+0x6d0/0x18d0 [ 133.655191] ? lock_is_held_type+0xd7/0x130 [ 133.655219] ? __perf_cgroup_move+0x160/0x160 [ 133.655242] ? 
set_next_entity+0x304/0x550 [ 133.655279] ? lock_is_held_type+0xd7/0x130 [ 133.655308] __schedule+0xedd/0x2470 [ 133.655342] ? io_schedule_timeout+0x150/0x150 [ 133.655374] ? futex_wait_setup+0x166/0x230 [ 133.655401] schedule+0xda/0x1b0 [ 133.655432] futex_wait_queue+0xf5/0x1e0 [ 133.655455] futex_wait+0x28e/0x690 [ 133.655478] ? futex_wait_setup+0x230/0x230 [ 133.655503] ? wake_up_q+0x8b/0xf0 [ 133.655527] ? do_raw_spin_unlock+0x4f/0x220 [ 133.655587] ? futex_wake+0x158/0x490 [ 133.655618] ? fd_install+0x1f9/0x640 [ 133.655649] do_futex+0x2ff/0x380 [ 133.655670] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 133.655700] __x64_sys_futex+0x1c6/0x4d0 [ 133.655724] ? __x64_sys_futex_time32+0x480/0x480 [ 133.655749] ? syscall_enter_from_user_mode+0x1d/0x50 [ 133.655777] ? syscall_enter_from_user_mode+0x1d/0x50 [ 133.655809] do_syscall_64+0x3b/0x90 [ 133.655830] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.655858] RIP: 0033:0x7fd4e8355b19 [ 133.655873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 133.655893] RSP: 002b:00007fd4e58cb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 133.655913] RAX: ffffffffffffffda RBX: 00007fd4e8468f68 RCX: 00007fd4e8355b19 [ 133.655928] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd4e8468f68 [ 133.655941] RBP: 00007fd4e8468f60 R08: 0000000000000000 R09: 0000000000000000 [ 133.655954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4e8468f6c [ 133.655968] R13: 00007fff7265f69f R14: 00007fd4e58cb300 R15: 0000000000022000 [ 133.655992] [ 133.762846] WARNING: CPU: 0 PID: 3861 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 133.764085] Modules linked in: [ 133.764522] CPU: 0 PID: 3861 Comm: syz-executor.5 Not tainted 6.0.0-rc7-next-20220927 #1 [ 133.765594] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 133.767078] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 133.767814] Code: 5e 41 5f e9 ab a9 ef ff e8 a6 a9 ef ff 65 8b 1d 1b 0f ac 7e 31 ff 89 de e8 46 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 89 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 7d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 133.770195] RSP: 0018:ffff88803e9478f8 EFLAGS: 00010006 [ 133.770906] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 133.771842] RDX: ffff8880100eb580 RSI: ffffffff815666b7 RDI: 0000000000000005 [ 133.772792] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 133.773740] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800fff7800 [ 133.774691] R13: ffff88806ce3d140 R14: ffffffff8547cf80 R15: 0000000000000002 [ 133.775676] FS: 00007fd4e58cb700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 133.776748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.777526] CR2: 00007fd4e8469018 CR3: 000000001d318000 CR4: 0000000000350ef0 [ 133.778480] Call Trace: [ 133.778828] [ 133.779135] ctx_sched_out+0x8f1/0xc10 [ 133.779670] __perf_event_task_sched_out+0x6d0/0x18d0 [ 133.780373] ? lock_is_held_type+0xd7/0x130 [ 133.780948] ? __perf_cgroup_move+0x160/0x160 [ 133.781561] ? set_next_entity+0x304/0x550 [ 133.782140] ? lock_is_held_type+0xd7/0x130 [ 133.782713] __schedule+0xedd/0x2470 [ 133.783220] ? io_schedule_timeout+0x150/0x150 [ 133.783862] ? futex_wait_setup+0x166/0x230 [ 133.784439] schedule+0xda/0x1b0 [ 133.784900] futex_wait_queue+0xf5/0x1e0 [ 133.785441] futex_wait+0x28e/0x690 [ 133.785945] ? futex_wait_setup+0x230/0x230 [ 133.786513] ? wake_up_q+0x8b/0xf0 [ 133.786991] ? do_raw_spin_unlock+0x4f/0x220 [ 133.787604] ? futex_wake+0x158/0x490 [ 133.788113] ? fd_install+0x1f9/0x640 [ 133.788627] do_futex+0x2ff/0x380 [ 133.789094] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 133.789843] __x64_sys_futex+0x1c6/0x4d0 [ 133.790375] ? __x64_sys_futex_time32+0x480/0x480 [ 133.791001] ? 
syscall_enter_from_user_mode+0x1d/0x50 [ 133.791703] ? syscall_enter_from_user_mode+0x1d/0x50 [ 133.792383] do_syscall_64+0x3b/0x90 [ 133.792874] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.793545] RIP: 0033:0x7fd4e8355b19 [ 133.794032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 133.796383] RSP: 002b:00007fd4e58cb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 133.797382] RAX: ffffffffffffffda RBX: 00007fd4e8468f68 RCX: 00007fd4e8355b19 [ 133.798313] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd4e8468f68 [ 133.799233] RBP: 00007fd4e8468f60 R08: 0000000000000000 R09: 0000000000000000 [ 133.800177] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4e8468f6c [ 133.801093] R13: 00007fff7265f69f R14: 00007fd4e58cb300 R15: 0000000000022000 [ 133.802045] [ 133.802364] irq event stamp: 342 [ 133.802815] hardirqs last enabled at (341): [] syscall_enter_from_user_mode+0x1d/0x50 [ 133.804081] hardirqs last disabled at (342): [] __schedule+0x1225/0x2470 [ 133.805186] softirqs last enabled at (330): [] __irq_exit_rcu+0x11b/0x180 [ 133.806303] softirqs last disabled at (271): [] __irq_exit_rcu+0x11b/0x180 [ 133.807412] ---[ end trace 0000000000000000 ]--- [ 133.872865] hrtimer: interrupt took 19045 ns [ 133.932961] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 133.940299] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 
04:02:42 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGEFFECTS(r0, 0x80044584, 0x0)

04:02:42 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400))
mount_setattr(0xffffffffffffff9c, &(0x7f0000000040)='./file0/../file0\x00', 0x0, &(0x7f0000000080)={0x0, 0x200080}, 0x20)

04:02:42 executing program 2:
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000080))
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)

[ 136.890384] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 136.895488] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 136.897810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 136.899943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 136.908128] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 136.909743] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 136.913417] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 138.897870] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 138.897900] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 138.898362] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 138.961903] Bluetooth: hci4: command 0x0409 tx timeout
[ 141.009918] Bluetooth: hci4: command 0x041b tx timeout
[ 143.057906] Bluetooth: hci4: command 0x040f tx timeout
[ 143.186904] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 143.249966] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 143.250819] Bluetooth: hci5: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
04:02:42 Registers:
info registers vcpu 0