Warning: Permanently added '[localhost]:17605' (ECDSA) to the list of known hosts.
2022/09/29 02:13:25 fuzzer started
2022/09/29 02:13:26 dialing manager at localhost:45751
syzkaller login: [   44.272172] cgroup: Unknown subsys name 'net'
[   44.384106] cgroup: Unknown subsys name 'rlimit'
2022/09/29 02:13:39 syscalls: 2215
2022/09/29 02:13:39 code coverage: enabled
2022/09/29 02:13:39 comparison tracing: enabled
2022/09/29 02:13:39 extra coverage: enabled
2022/09/29 02:13:39 setuid sandbox: enabled
2022/09/29 02:13:39 namespace sandbox: enabled
2022/09/29 02:13:39 Android sandbox: enabled
2022/09/29 02:13:39 fault injection: enabled
2022/09/29 02:13:39 leak checking: enabled
2022/09/29 02:13:39 net packet injection: enabled
2022/09/29 02:13:39 net device setup: enabled
2022/09/29 02:13:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/29 02:13:39 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/29 02:13:39 USB emulation: enabled
2022/09/29 02:13:39 hci packet injection: enabled
2022/09/29 02:13:39 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220928                                          )
2022/09/29 02:13:39 802.15.4 emulation: enabled
2022/09/29 02:13:39 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/29 02:13:39 fetching corpus: 50, signal 27837/30718 (executing program)
2022/09/29 02:13:39 fetching corpus: 100, signal 40829/44350 (executing program)
2022/09/29 02:13:39 fetching corpus: 150, signal 44814/49166 (executing program)
2022/09/29 02:13:40 fetching corpus: 200, signal 49999/54933 (executing program)
2022/09/29 02:13:40 fetching corpus: 250, signal 53834/59259 (executing program)
2022/09/29 02:13:40 fetching corpus: 300, signal 58826/64390 (executing program)
2022/09/29 02:13:40 fetching corpus: 350, signal 63642/69291 (executing program)
2022/09/29 02:13:40 fetching corpus: 400, signal 67559/73166 (executing program)
2022/09/29 02:13:40 fetching corpus: 450, signal 73354/78358 (executing program)
2022/09/29 02:13:41 fetching corpus: 500, signal 76907/81586 (executing program)
2022/09/29 02:13:41 fetching corpus: 550, signal 79840/84196 (executing program)
2022/09/29 02:13:41 fetching corpus: 600, signal 82482/86476 (executing program)
2022/09/29 02:13:41 fetching corpus: 650, signal 84211/88028 (executing program)
2022/09/29 02:13:41 fetching corpus: 700, signal 86226/89692 (executing program)
2022/09/29 02:13:41 fetching corpus: 750, signal 89206/91920 (executing program)
2022/09/29 02:13:41 fetching corpus: 800, signal 91368/93473 (executing program)
2022/09/29 02:13:42 fetching corpus: 850, signal 92721/94427 (executing program)
2022/09/29 02:13:42 fetching corpus: 900, signal 94153/95381 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/95647 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/95715 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/95774 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/95848 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/95901 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/95945 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96009 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96066 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96118 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96170 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96206 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96260 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96317 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96365 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96414 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96466 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96521 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96568 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96630 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96677 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96735 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96797 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96835 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96881 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96928 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/96977 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/97025 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/97076 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/97140 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/97146 (executing program)
2022/09/29 02:13:42 fetching corpus: 922, signal 94524/97146 (executing program)
2022/09/29 02:13:45 starting 8 fuzzer processes
02:13:45 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x40400, 0x0)
getdents(r0, &(0x7f00000012c0)=""/4093, 0xffd)
02:13:45 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
02:13:45 executing program 3:
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3)
mlock(&(0x7f0000fed000/0x13000)=nil, 0x13000)
02:13:45 executing program 2:
msgrcv(0x0, 0x0, 0x0, 0x2, 0x3800)
02:13:45 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x3c}, 0x0, @in6=@remote, 0x0, 0x1, 0x0, 0xfe}}, 0xe8)
sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0)
[   63.467315] audit: type=1400 audit(1664417625.422:6): avc:  denied  { execmem } for  pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
02:13:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1})
02:13:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r2, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220)
openat(r1, 0x0, 0x100000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'})
listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x3, 0x80000, 0x8000000)
write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d)
r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00')
openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0)
pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
02:13:45 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
lseek(r0, 0xfeffffff00000000, 0x4)
[   64.747458] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.749289] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.752081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.755932] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.758711] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   64.759968] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.768455] Bluetooth: hci0: HCI_REQ-0x0c1a
[   64.801509] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.820598] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.823045] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.827298] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.829491] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   64.830807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.836105] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.839062] Bluetooth: hci1: HCI_REQ-0x0c1a
[   64.858738] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.860151] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   64.861951] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   64.863513] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   64.866337] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   64.867934] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.870065] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   64.873259] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   64.874703] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.875064] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   64.876095] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   64.878044] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   64.880163] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   64.880285] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   64.882207] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.883804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   64.884093] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   64.888651] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   64.891449] Bluetooth: hci2: HCI_REQ-0x0c1a
[   64.892129] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   64.893815] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   64.895323] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   64.895598] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   64.905034] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   64.906497] Bluetooth: hci3: HCI_REQ-0x0c1a
[   64.912534] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   64.916775] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   64.918690] Bluetooth: hci6: HCI_REQ-0x0c1a
[   64.921459] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   64.923128] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   64.926930] Bluetooth: hci4: HCI_REQ-0x0c1a
[   64.933585] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   64.939653] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   64.944336] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   64.958399] Bluetooth: hci7: HCI_REQ-0x0c1a
[   64.970899] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   64.973296] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   64.984986] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   64.986979] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   64.988262] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   65.032740] Bluetooth: hci5: HCI_REQ-0x0c1a
[   66.828640] Bluetooth: hci0: command 0x0409 tx timeout
[   66.893417] Bluetooth: hci1: command 0x0409 tx timeout
[   66.956780] Bluetooth: hci3: command 0x0409 tx timeout
[   66.957320] Bluetooth: hci4: command 0x0409 tx timeout
[   66.957820] Bluetooth: hci2: command 0x0409 tx timeout
[   66.958285] Bluetooth: hci6: command 0x0409 tx timeout
[   67.020416] Bluetooth: hci7: command 0x0409 tx timeout
[   67.084461] Bluetooth: hci5: command 0x0409 tx timeout
[   68.876450] Bluetooth: hci0: command 0x041b tx timeout
[   68.940513] Bluetooth: hci1: command 0x041b tx timeout
[   69.004472] Bluetooth: hci6: command 0x041b tx timeout
[   69.004913] Bluetooth: hci2: command 0x041b tx timeout
[   69.005318] Bluetooth: hci4: command 0x041b tx timeout
[   69.005747] Bluetooth: hci3: command 0x041b tx timeout
[   69.068411] Bluetooth: hci7: command 0x041b tx timeout
[   69.132394] Bluetooth: hci5: command 0x041b tx timeout
[   70.924394] Bluetooth: hci0: command 0x040f tx timeout
[   70.988452] Bluetooth: hci1: command 0x040f tx timeout
[   71.052421] Bluetooth: hci3: command 0x040f tx timeout
[   71.052858] Bluetooth: hci4: command 0x040f tx timeout
[   71.053252] Bluetooth: hci2: command 0x040f tx timeout
[   71.054079] Bluetooth: hci6: command 0x040f tx timeout
[   71.116410] Bluetooth: hci7: command 0x040f tx timeout
[   71.180475] Bluetooth: hci5: command 0x040f tx timeout
[   72.972437] Bluetooth: hci0: command 0x0419 tx timeout
[   73.036455] Bluetooth: hci1: command 0x0419 tx timeout
[   73.100525] Bluetooth: hci6: command 0x0419 tx timeout
[   73.100975] Bluetooth: hci2: command 0x0419 tx timeout
[   73.101545] Bluetooth: hci4: command 0x0419 tx timeout
[   73.101948] Bluetooth: hci3: command 0x0419 tx timeout
[   73.164397] Bluetooth: hci7: command 0x0419 tx timeout
[   73.228500] Bluetooth: hci5: command 0x0419 tx timeout
[  127.202526] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  127.213083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  127.214449] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  127.226951] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  127.235994] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  127.238036] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  127.253582] Bluetooth: hci0: HCI_REQ-0x0c1a
[  127.319184] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  127.322778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  127.325776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  127.335537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  127.351182] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  127.353548] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  127.360042] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  127.361968] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  127.368930] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  127.375568] Bluetooth: hci2: HCI_REQ-0x0c1a
[  127.402555] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  127.403927] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  127.404907] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  127.408726] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  127.412038] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  127.413171] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  127.416212] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  127.417104] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  127.418748] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  127.419847] Bluetooth: hci1: HCI_REQ-0x0c1a
[  127.420130] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  127.429433] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  127.431486] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  127.433828] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  127.438051] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  127.440175] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  127.443664] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  127.451530] Bluetooth: hci7: HCI_REQ-0x0c1a
[  127.454740] Bluetooth: hci6: HCI_REQ-0x0c1a
[  127.466741] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  127.474568] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  127.485803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  127.495821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  127.502561] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  127.505004] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  127.507256] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  127.509700] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  127.513148] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  127.521763] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  127.524809] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  127.533246] Bluetooth: hci3: HCI_REQ-0x0c1a
[  127.537580] Bluetooth: hci4: HCI_REQ-0x0c1a
[  127.569981] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  127.579619] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  127.581539] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  127.590563] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  127.593649] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  127.599652] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  127.608433] Bluetooth: hci5: HCI_REQ-0x0c1a
[  129.293441] Bluetooth: hci0: command 0x0409 tx timeout
[  129.420502] Bluetooth: hci2: command 0x0409 tx timeout
[  129.484645] Bluetooth: hci1: command 0x0409 tx timeout
[  129.548549] Bluetooth: hci4: command 0x0409 tx timeout
[  129.550322] Bluetooth: hci3: command 0x0409 tx timeout
[  129.551986] Bluetooth: hci7: command 0x0409 tx timeout
[  129.553564] Bluetooth: hci6: command 0x0409 tx timeout
[  129.740549] Bluetooth: hci5: command 0x0409 tx timeout
[  131.340414] Bluetooth: hci0: command 0x041b tx timeout
[  131.468428] Bluetooth: hci2: command 0x041b tx timeout
[  131.532426] Bluetooth: hci1: command 0x041b tx timeout
[  131.596512] Bluetooth: hci6: command 0x041b tx timeout
[  131.597068] Bluetooth: hci7: command 0x041b tx timeout
[  131.597782] Bluetooth: hci3: command 0x041b tx timeout
[  131.598283] Bluetooth: hci4: command 0x041b tx timeout
[  131.788532] Bluetooth: hci5: command 0x041b tx timeout
[  133.388416] Bluetooth: hci0: command 0x040f tx timeout
[  133.516518] Bluetooth: hci2: command 0x040f tx timeout
[  133.580418] Bluetooth: hci1: command 0x040f tx timeout
[  133.644481] Bluetooth: hci4: command 0x040f tx timeout
[  133.646094] Bluetooth: hci3: command 0x040f tx timeout
[  133.647226] Bluetooth: hci7: command 0x040f tx timeout
[  133.648252] Bluetooth: hci6: command 0x040f tx timeout
[  133.836437] Bluetooth: hci5: command 0x040f tx timeout
[  135.436442] Bluetooth: hci0: command 0x0419 tx timeout
[  135.564502] Bluetooth: hci2: command 0x0419 tx timeout
[  135.628486] Bluetooth: hci1: command 0x0419 tx timeout
[  135.692540] Bluetooth: hci6: command 0x0419 tx timeout
[  135.693092] Bluetooth: hci7: command 0x0419 tx timeout
[  135.693626] Bluetooth: hci3: command 0x0419 tx timeout
[  135.694109] Bluetooth: hci4: command 0x0419 tx timeout
[  135.884419] Bluetooth: hci5: command 0x0419 tx timeout
[  189.155574] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  189.157951] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  189.158942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  189.162056] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  189.163289] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  189.165176] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  189.169320] Bluetooth: hci0: HCI_REQ-0x0c1a
[  189.179991] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  189.183157] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  189.186055] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  189.192950] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  189.206586] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  189.208133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  189.214525] Bluetooth: hci1: HCI_REQ-0x0c1a
[  189.428257] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  189.435643] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  189.438056] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  189.446632] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  189.462041] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  189.463140] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  189.466017] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  189.466744] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  189.471559] Bluetooth: hci4: HCI_REQ-0x0c1a
[  189.480592] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  189.485667] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  189.488101] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  189.491454] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  189.498523] Bluetooth: hci5: HCI_REQ-0x0c1a
[  191.181442] Bluetooth: hci0: command 0x0409 tx timeout
[  191.244535] Bluetooth: hci1: command 0x0409 tx timeout
[  191.309462] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  191.373432] Bluetooth: hci3: Opcode 0x c03 failed: -110
[  191.500449] Bluetooth: hci4: command 0x0409 tx timeout
[  191.564451] Bluetooth: hci6: Opcode 0x c03 failed: -110
[  191.565762] Bluetooth: hci5: command 0x0409 tx timeout
[  191.628630] Bluetooth: hci7: Opcode 0x c03 failed: -110
[  193.228452] Bluetooth: hci0: command 0x041b tx timeout
[  193.293680] Bluetooth: hci1: command 0x041b tx timeout
[  193.549444] Bluetooth: hci4: command 0x041b tx timeout
[  193.612405] Bluetooth: hci5: command 0x041b tx timeout
[  193.939998] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  193.945965] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  193.949966] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  193.960111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  193.971675] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  193.973589] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  193.984491] Bluetooth: hci3: HCI_REQ-0x0c1a
[  194.414241] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  194.420240] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  194.426784] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  194.444593] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  194.454991] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  194.470697] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  194.487432] Bluetooth: hci7: HCI_REQ-0x0c1a
[  195.277449] Bluetooth: hci0: command 0x040f tx timeout
[  195.340431] Bluetooth: hci1: command 0x040f tx timeout
[  195.596501] Bluetooth: hci4: command 0x040f tx timeout
[  195.660488] Bluetooth: hci5: command 0x040f tx timeout
[  195.853446] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  196.045472] Bluetooth: hci3: command 0x0409 tx timeout
[  196.301413] Bluetooth: hci6: Opcode 0x c03 failed: -110
[  196.557690] Bluetooth: hci7: command 0x0409 tx timeout
[  197.326721] Bluetooth: hci0: command 0x0419 tx timeout
[  197.388503] Bluetooth: hci1: command 0x0419 tx timeout
[  197.645419] Bluetooth: hci4: command 0x0419 tx timeout
[  197.709874] Bluetooth: hci5: command 0x0419 tx timeout
[  198.093457] Bluetooth: hci3: command 0x041b tx timeout
[  198.605436] Bluetooth: hci7: command 0x041b tx timeout
[  200.141413] Bluetooth: hci3: command 0x040f tx timeout
[  200.460427] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  200.653506] Bluetooth: hci7: command 0x040f tx timeout
[  200.908900] Bluetooth: hci6: Opcode 0x c03 failed: -110
[  202.188470] Bluetooth: hci3: command 0x0419 tx timeout
[  202.700447] Bluetooth: hci7: command 0x0419 tx timeout
[  203.438149] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  203.441376] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  203.443944] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  203.452616] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  203.458801] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  203.461044] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  203.470435] Bluetooth: hci6: HCI_REQ-0x0c1a
[  205.133491] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  205.516626] Bluetooth: hci6: command 0x0409 tx timeout
[  207.565483] Bluetooth: hci6: command 0x041b tx timeout
[  209.612575] Bluetooth: hci6: command 0x040f tx timeout
[  209.805487] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  211.661455] Bluetooth: hci6: command 0x0419 tx timeout
[  212.397210] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  212.399047] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  212.399910] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  212.402993] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  212.404094] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  212.405385] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  212.412599] Bluetooth: hci2: HCI_REQ-0x0c1a
[  214.476442] Bluetooth: hci2: command 0x0409 tx timeout
[  216.524497] Bluetooth: hci2: command 0x041b tx timeout
[  218.572399] Bluetooth: hci2: command 0x040f tx timeout
[  220.621029] Bluetooth: hci2: command 0x0419 tx timeout
[  250.606022] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  250.618819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  250.624822] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  250.631255] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  250.633859] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  250.636039] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  250.641074] Bluetooth: hci0: HCI_REQ-0x0c1a
02:16:52 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
02:16:53 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
[  251.055873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  251.065779] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  251.068917] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  251.077622] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  251.105623] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  251.112760] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  251.147413] Bluetooth: hci1: HCI_REQ-0x0c1a
02:16:53 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
[  251.300763] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  251.304882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  251.308698] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  251.316555] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
02:16:53 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
[  251.354660] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  251.357870] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  251.376225] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  251.379560] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  251.393867] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
02:16:53 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
[  251.431445] Bluetooth: hci4: HCI_REQ-0x0c1a
[  251.471177] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  251.494220] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  251.498250] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
02:16:53 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$unlink(0x9, r0, r0)
[  251.562428] Bluetooth: hci5: HCI_REQ-0x0c1a
02:16:53 executing program 1:
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
02:16:54 executing program 1:
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
[  252.685520] Bluetooth: hci0: command 0x0409 tx timeout
[  253.196443] Bluetooth: hci1: command 0x0409 tx timeout
[  253.516441] Bluetooth: hci4: command 0x0409 tx timeout
[  253.580524] Bluetooth: hci5: command 0x0409 tx timeout
[  254.733228] Bluetooth: hci0: command 0x041b tx timeout
[  255.245564] Bluetooth: hci1: command 0x041b tx timeout
[  255.564397] Bluetooth: hci4: command 0x041b tx timeout
[  255.629435] Bluetooth: hci5: command 0x041b tx timeout
[  256.781390] Bluetooth: hci0: command 0x040f tx timeout
[  257.293412] Bluetooth: hci1: command 0x040f tx timeout
[  257.613419] Bluetooth: hci4: command 0x040f tx timeout
[  257.677417] Bluetooth: hci5: command 0x040f tx timeout
[  258.828403] Bluetooth: hci0: command 0x0419 tx timeout
[  259.340499] Bluetooth: hci1: command 0x0419 tx timeout
[  259.660474] Bluetooth: hci4: command 0x0419 tx timeout
[  259.724495] Bluetooth: hci5: command 0x0419 tx timeout
[  266.876228] loop6: detected capacity change from 0 to 40
[  266.964647] audit: type=1400 audit(1664417828.918:7): avc:  denied  { open } for  pid=10827 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  266.966799] audit: type=1400 audit(1664417828.918:8): avc:  denied  { kernel } for  pid=10827 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  266.980344] hrtimer: interrupt took 24686 ns
[  266.987112] ------------[ cut here ]------------
[  266.987144] 
[  266.987148] ======================================================
[  266.987153] WARNING: possible circular locking dependency detected
[  266.987158] 6.0.0-rc7-next-20220928 #1 Not tainted
[  266.987168] ------------------------------------------------------
[  266.987173] syz-executor.6/10828 is trying to acquire lock:
[  266.987182] ffffffff853faab8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0xe/0x70
[  266.987238] 
[  266.987238] but task is already holding lock:
[  266.987242] ffff88802eff6c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  266.987284] 
[  266.987284] which lock already depends on the new lock.
[  266.987284] 
[  266.987289] 
[  266.987289] the existing dependency chain (in reverse order) is:
[  266.987294] 
[  266.987294] -> #3 (&ctx->lock){....}-{2:2}:
[  266.987315]        _raw_spin_lock+0x2a/0x40
[  266.987335]        __perf_event_task_sched_out+0x53b/0x18d0
[  266.987356]        __schedule+0xedd/0x2470
[  266.987381]        schedule+0xda/0x1b0
[  266.987403]        exit_to_user_mode_prepare+0x114/0x1a0
[  266.987421]        irqentry_exit_to_user_mode+0x5/0x30
[  266.987444]        asm_sysvec_apic_timer_interrupt+0x16/0x20
[  266.987468] 
[  266.987468] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  266.987490]        _raw_spin_lock_nested+0x30/0x40
[  266.987508]        raw_spin_rq_lock_nested+0x1e/0x30
[  266.987528]        task_fork_fair+0x63/0x4d0
[  266.987555]        sched_cgroup_fork+0x3d0/0x540
[  266.987578]        copy_process+0x4183/0x6e20
[  266.987594]        kernel_clone+0xe7/0x890
[  266.987609]        user_mode_thread+0xad/0xf0
[  266.987626]        rest_init+0x24/0x250
[  266.987646]        arch_call_rest_init+0xf/0x14
[  266.987676]        start_kernel+0x4c6/0x4eb
[  266.987702]        secondary_startup_64_no_verify+0xe0/0xeb
[  266.987723] 
[  266.987723] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  266.987745]        _raw_spin_lock_irqsave+0x39/0x60
[  266.987765]        try_to_wake_up+0xab/0x1930
[  266.987785]        up+0x75/0xb0
[  266.987810]        __up_console_sem+0x6e/0x80
[  266.987833]        console_unlock+0x46a/0x590
[  266.987857]        do_con_write+0xc05/0x1d50
[  266.987875]        con_write+0x21/0x40
[  266.987892]        n_tty_write+0x4d4/0xfe0
[  266.987913]        file_tty_write.constprop.0+0x455/0x8a0
[  266.987933]        vfs_write+0x9c3/0xd90
[  266.987962]        ksys_write+0x127/0x250
[  266.987976]        do_syscall_64+0x3b/0x90
[  266.987992]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  266.988014] 
[  266.988014] -> #0 ((console_sem).lock){-.-.}-{2:2}:
[  266.988034]        __lock_acquire+0x2a02/0x5e70
[  266.988060]        lock_acquire+0x1a2/0x530
[  266.988085]        _raw_spin_lock_irqsave+0x39/0x60
[  266.988104]        down_trylock+0xe/0x70
[  266.988129]        __down_trylock_console_sem+0x3b/0xd0
[  266.988155]        vprintk_emit+0x16b/0x560
[  266.988180]        vprintk+0x84/0xa0
[  266.988205]        _printk+0xba/0xf1
[  266.988223]        report_bug.cold+0x72/0xab
[  266.988238]        handle_bug+0x3c/0x70
[  266.988254]        exc_invalid_op+0x14/0x50
[  266.988271]        asm_exc_invalid_op+0x16/0x20
[  266.988291]        group_sched_out.part.0+0x2c7/0x460
[  266.988309]        ctx_sched_out+0x8f1/0xc10
[  266.988324]        __perf_event_task_sched_out+0x6d0/0x18d0
[  266.988343]        __schedule+0xedd/0x2470
[  266.988367]        schedule+0xda/0x1b0
[  266.988391]        exit_to_user_mode_prepare+0x114/0x1a0
[  266.988408]        irqentry_exit_to_user_mode+0x5/0x30
[  266.988430]        asm_sysvec_apic_timer_interrupt+0x16/0x20
[  266.988452] 
[  266.988452] other info that might help us debug this:
[  266.988452] 
[  266.988456] Chain exists of:
[  266.988456]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  266.988456] 
[  266.988480]  Possible unsafe locking scenario:
[  266.988480] 
[  266.988484]        CPU0                    CPU1
[  266.988487]        ----                    ----
[  266.988491]   lock(&ctx->lock);
[  266.988500]                                lock(&rq->__lock);
[  266.988509]                                lock(&ctx->lock);
[  266.988519]   lock((console_sem).lock);
[  266.988528] 
[  266.988528]  *** DEADLOCK ***
[  266.988528] 
[  266.988531] 2 locks held by syz-executor.6/10828:
[  266.988543]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  266.988592]  #1: ffff88802eff6c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  266.988638] 
[  266.988638] stack backtrace:
[  266.988643] CPU: 0 PID: 10828 Comm: syz-executor.6 Not tainted 6.0.0-rc7-next-20220928 #1
[  266.988663] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  266.988674] Call Trace:
[  266.988679]  <TASK>
[  266.988685]  dump_stack_lvl+0x8b/0xb3
[  266.988705]  check_noncircular+0x263/0x2e0
[  266.988733]  ? format_decode+0x26c/0xb50
[  266.988763]  ? print_circular_bug+0x450/0x450
[  266.988793]  ? enable_ptr_key_workfn+0x20/0x20
[  266.988822]  ? __lockdep_reset_lock+0x180/0x180
[  266.988851]  ? format_decode+0x26c/0xb50
[  266.988883]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  266.988913]  __lock_acquire+0x2a02/0x5e70
[  266.988949]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  266.988985]  lock_acquire+0x1a2/0x530
[  266.989013]  ? down_trylock+0xe/0x70
[  266.989043]  ? lock_release+0x750/0x750
[  266.989077]  ? vprintk+0x84/0xa0
[  266.989107]  _raw_spin_lock_irqsave+0x39/0x60
[  266.989128]  ? down_trylock+0xe/0x70
[  266.989157]  down_trylock+0xe/0x70
[  266.989186]  ? vprintk+0x84/0xa0
[  266.989214]  __down_trylock_console_sem+0x3b/0xd0
[  266.989242]  vprintk_emit+0x16b/0x560
[  266.989273]  vprintk+0x84/0xa0
[  266.989301]  _printk+0xba/0xf1
[  266.989321]  ? record_print_text.cold+0x16/0x16
[  266.989346]  ? hrtimer_try_to_cancel+0x163/0x2c0
[  266.989367]  ? lock_downgrade+0x6d0/0x6d0
[  266.989394]  ? report_bug.cold+0x66/0xab
[  266.989412]  ? group_sched_out.part.0+0x2c7/0x460
[  266.989431]  report_bug.cold+0x72/0xab
[  266.989450]  handle_bug+0x3c/0x70
[  266.989468]  exc_invalid_op+0x14/0x50
[  266.989487]  asm_exc_invalid_op+0x16/0x20
[  266.989511] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  266.989532] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  266.989548] RSP: 0000:ffff88802051fc68 EFLAGS: 00010006
[  266.989563] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  266.989575] RDX: ffff8880176cd040 RSI: ffffffff815662f7 RDI: 0000000000000005
[  266.989587] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[  266.989599] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802eff6c00
[  266.989610] R13: ffff88806ce3d140 R14: ffffffff8547d060 R15: 0000000000000002
[  266.989629]  ? group_sched_out.part.0+0x2c7/0x460
[  266.989652]  ? group_sched_out.part.0+0x2c7/0x460
[  266.989673]  ctx_sched_out+0x8f1/0xc10
[  266.989695]  __perf_event_task_sched_out+0x6d0/0x18d0
[  266.989722]  ? lock_is_held_type+0xd7/0x130
[  266.989748]  ? __perf_cgroup_move+0x160/0x160
[  266.989768]  ? set_next_entity+0x304/0x550
[  266.989796]  ? update_curr+0x267/0x740
[  266.989826]  ? lock_is_held_type+0xd7/0x130
[  266.989851]  __schedule+0xedd/0x2470
[  266.989915]  ? io_schedule_timeout+0x150/0x150
[  266.989943]  ? lockdep_softirqs_on+0x221/0x340
[  266.989972]  ? __do_softirq+0x783/0x8f5
[  266.990000]  schedule+0xda/0x1b0
[  266.990026]  exit_to_user_mode_prepare+0x114/0x1a0
[  266.990045]  irqentry_exit_to_user_mode+0x5/0x30
[  266.990069]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  266.990094] RIP: 0033:0x7f793624a7e2
[  266.990108] Code: 48 8b 44 24 d8 4c 8b 44 24 d0 89 d2 89 c0 48 01 d7 4c 89 c2 48 01 c6 e9 9c d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 41 54 <55> 48 89 fd 53 48 81 ec d0 00 00 00 48 89 74 24 28 48 89 54 24 30
[  266.990124] RSP: 002b:00007f7933823190 EFLAGS: 00000206
[  266.990138] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00007f7936311f9d
[  266.990149] RDX: 000000000000da59 RSI: 0000000000000000 RDI: 00007f79362f8c60
[  266.990161] RBP: 000000000000000e R08: 000000000000000a R09: 000000000000000e
[  266.990171] R10: 00007ffda187f090 R11: 000000000007cf18 R12: 0000000000000000
[  266.990182] R13: 00007ffda186f70f R14: 00007f7933823300 R15: 0000000000022000
[  266.990202]  </TASK>
[  267.149514] WARNING: CPU: 0 PID: 10828 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  267.150357] Modules linked in:
[  267.150644] CPU: 0 PID: 10828 Comm: syz-executor.6 Not tainted 6.0.0-rc7-next-20220928 #1
[  267.151341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  267.152305] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  267.152803] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  267.154635] RSP: 0000:ffff88802051fc68 EFLAGS: 00010006
[  267.155182] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  267.155889] RDX: ffff8880176cd040 RSI: ffffffff815662f7 RDI: 0000000000000005
[  267.156566] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[  267.157271] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802eff6c00
[  267.157961] R13: ffff88806ce3d140 R14: ffffffff8547d060 R15: 0000000000000002
[  267.158569] FS:  00007f7933823700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  267.159380] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.159939] CR2: 00007f4d8333d000 CR3: 00000000104e8000 CR4: 0000000000350ef0
[  267.160632] Call Trace:
[  267.160900]  <TASK>
[  267.161147]  ctx_sched_out+0x8f1/0xc10
[  267.161575]  __perf_event_task_sched_out+0x6d0/0x18d0
[  267.162427]  ? lock_is_held_type+0xd7/0x130
[  267.162873]  ? __perf_cgroup_move+0x160/0x160
[  267.163342]  ? set_next_entity+0x304/0x550
[  267.163791]  ? update_curr+0x267/0x740
[  267.164208]  ? lock_is_held_type+0xd7/0x130
[  267.164656]  __schedule+0xedd/0x2470
[  267.165066]  ? io_schedule_timeout+0x150/0x150
[  267.165527]  ? lockdep_softirqs_on+0x221/0x340
[  267.165996]  ? __do_softirq+0x783/0x8f5
[  267.166377]  schedule+0xda/0x1b0
[  267.166710]  exit_to_user_mode_prepare+0x114/0x1a0
[  267.167200]  irqentry_exit_to_user_mode+0x5/0x30
[  267.167665]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  267.168174] RIP: 0033:0x7f793624a7e2
[  267.168522] Code: 48 8b 44 24 d8 4c 8b 44 24 d0 89 d2 89 c0 48 01 d7 4c 89 c2 48 01 c6 e9 9c d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 41 54 <55> 48 89 fd 53 48 81 ec d0 00 00 00 48 89 74 24 28 48 89 54 24 30
[  267.170358] RSP: 002b:00007f7933823190 EFLAGS: 00000206
[  267.170887] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00007f7936311f9d
[  267.171537] RDX: 000000000000da59 RSI: 0000000000000000 RDI: 00007f79362f8c60
[  267.172251] RBP: 000000000000000e R08: 000000000000000a R09: 000000000000000e
[  267.172970] R10: 00007ffda187f090 R11: 000000000007cf18 R12: 0000000000000000
[  267.173629] R13: 00007ffda186f70f R14: 00007f7933823300 R15: 0000000000022000
[  267.174354]  </TASK>
[  267.174583] irq event stamp: 7054
[  267.174917] hardirqs last  enabled at (7053): [] exit_to_user_mode_prepare+0x109/0x1a0
[  267.175816] hardirqs last disabled at (7054): [] __schedule+0x1225/0x2470
[  267.176664] softirqs last  enabled at (7052): [] __irq_exit_rcu+0x11b/0x180
[  267.177527] softirqs last disabled at (5631): [] __irq_exit_rcu+0x11b/0x180
[  267.178369] ---[ end trace 0000000000000000 ]---
[  267.271216] syz-executor.6: attempt to access beyond end of device
[  267.271216] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[  267.272633] Buffer I/O error on dev loop6, logical block 10, lost async page write
VM DIAGNOSIS:
02:17:09  Registers:
info registers vcpu 0
info registers vcpu 1