Warning: Permanently added '[localhost]:57576' (ECDSA) to the list of known hosts. 2022/09/29 02:30:37 fuzzer started 2022/09/29 02:30:37 dialing manager at localhost:45751 syzkaller login: [ 40.694803] cgroup: Unknown subsys name 'net' [ 40.799469] cgroup: Unknown subsys name 'rlimit' 2022/09/29 02:30:52 syscalls: 2215 2022/09/29 02:30:52 code coverage: enabled 2022/09/29 02:30:52 comparison tracing: enabled 2022/09/29 02:30:52 extra coverage: enabled 2022/09/29 02:30:52 setuid sandbox: enabled 2022/09/29 02:30:52 namespace sandbox: enabled 2022/09/29 02:30:52 Android sandbox: enabled 2022/09/29 02:30:52 fault injection: enabled 2022/09/29 02:30:52 leak checking: enabled 2022/09/29 02:30:52 net packet injection: enabled 2022/09/29 02:30:52 net device setup: enabled 2022/09/29 02:30:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/29 02:30:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/29 02:30:52 USB emulation: enabled 2022/09/29 02:30:52 hci packet injection: enabled 2022/09/29 02:30:52 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220928) 2022/09/29 02:30:52 802.15.4 emulation: enabled 2022/09/29 02:30:52 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/29 02:30:52 fetching corpus: 50, signal 26695/29720 (executing program) 2022/09/29 02:30:52 fetching corpus: 100, signal 37854/41689 (executing program) 2022/09/29 02:30:52 fetching corpus: 150, signal 42211/47005 (executing program) 2022/09/29 02:30:52 fetching corpus: 200, signal 49872/55047 (executing program) 2022/09/29 02:30:52 fetching corpus: 250, signal 55931/61439 (executing program) 2022/09/29 02:30:52 fetching corpus: 300, signal 60164/66077 (executing program) 2022/09/29 02:30:53 fetching corpus: 350, signal 64890/70942 (executing program) 2022/09/29 02:30:53 fetching corpus: 400, signal 68224/74499 (executing program) 2022/09/29 02:30:53 fetching corpus: 450, signal 69759/76483 (executing program) 2022/09/29 
02:30:53 fetching corpus: 500, signal 74635/80973 (executing program) 2022/09/29 02:30:53 fetching corpus: 550, signal 77124/83406 (executing program) 2022/09/29 02:30:53 fetching corpus: 600, signal 78769/85173 (executing program) 2022/09/29 02:30:53 fetching corpus: 650, signal 81836/87846 (executing program) 2022/09/29 02:30:54 fetching corpus: 700, signal 84101/89865 (executing program) 2022/09/29 02:30:54 fetching corpus: 750, signal 86337/91778 (executing program) 2022/09/29 02:30:54 fetching corpus: 800, signal 89039/93917 (executing program) 2022/09/29 02:30:54 fetching corpus: 850, signal 92360/96313 (executing program) 2022/09/29 02:30:54 fetching corpus: 900, signal 94298/97752 (executing program) 2022/09/29 02:30:54 fetching corpus: 950, signal 95426/98646 (executing program) 2022/09/29 02:30:54 fetching corpus: 1000, signal 97792/100220 (executing program) 2022/09/29 02:30:55 fetching corpus: 1050, signal 99750/101496 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102232 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102286 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102340 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102395 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102432 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102491 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102545 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102591 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102665 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102714 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102770 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102827 (executing program) 2022/09/29 02:30:55 
fetching corpus: 1080, signal 100930/102892 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/102943 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103005 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103068 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103124 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103178 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103233 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103288 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103352 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103408 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103473 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103534 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103584 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103654 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103706 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103765 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103840 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103857 (executing program) 2022/09/29 02:30:55 fetching corpus: 1080, signal 100930/103857 (executing program) 2022/09/29 02:30:57 starting 8 fuzzer processes 02:30:57 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) sendto(r0, &(0x7f0000000180)="13ec9bca675a0312598df5440806", 0xe, 0x0, &(0x7f0000000200)=@qipcrtr={0x2a, 0x3}, 0x80) 02:30:57 executing program 1: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) 02:30:57 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x3c, &(0x7f0000000080)={0x0, 0x0}, 0x10) 02:30:57 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:30:57 executing program 4: syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET(r0, &(0x7f0000004800)={0x0, 0x0, &(0x7f00000047c0)={&(0x7f0000004780)={0x38, 0x3e9, 0x400, 0x70bd2d, 0x0, {0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x3}, ["", "", "", "", ""]}, 0x38}}, 0x4000800) [ 60.958643] audit: type=1400 audit(1664418657.881:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 02:30:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000580), 0x0, &(0x7f0000000640)={[{@uni_xlate}]}) 02:30:57 executing program 5: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, 0x0, 0x20000005) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x43}}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 
&(0x7f0000000000)=@ethtool_channels={0x43}}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, 0x0, 0x0) 02:30:57 executing program 7: perf_event_open(&(0x7f0000000340)={0x5, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa401, 0x2}, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsopen(0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @remote}, {0x2, 0x4e21, @remote}, {0x2, 0x0, @multicast2}, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb52, 0x4}) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e23, @local}, {0x2, 0x4e20, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0xfffe}) setsockopt$inet6_int(r1, 0x29, 0xd1, 0x0, 0x0) sendto(r2, 
&(0x7f0000000280)="ee3bc48c71ffa43c048897aef8d277337f04332ffb70654305187a1a01f94cf6a3218494667c7b5693e61b624e4a6a2de76244610545c7daa91f32b2550409e9e430359ba094da74e03f64690a8cb3ac93f1e81a26c00a8796b42d46a77d17267a923f700d2c4f69bae83624692d7cd3f5c8df9cf0cfa2873de584b66c4840b22c2365d9208c98d91c668a2862d689d0cb8cb3", 0x93, 0xc010, 0x0, 0x0) ioctl$FICLONE(r1, 0x40049409, 0xffffffffffffffff) r3 = creat(&(0x7f0000000040)='./file1\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000180)='*}\x82\x00', &(0x7f00000001c0)=')\xa5^*.@4\'#\x00', 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r2) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='/#\x00', &(0x7f0000000040)=')\x00', 0x0) r4 = dup(r0) socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x7b1ca8cb, @mcast2}, 0x28) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002880), 0x4000101, 0x0) [ 62.278886] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.281189] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.282203] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.285793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.288024] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.290644] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.292735] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.295425] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.311859] Bluetooth: hci1: HCI_REQ-0x0c1a [ 62.312415] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.318988] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.321003] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.335470] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.356117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.358049] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 62.362902] Bluetooth: hci0: 
HCI_REQ-0x0c1a [ 62.363960] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 62.365426] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 62.370624] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.371653] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.373395] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.374572] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.375959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.377461] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 62.378503] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 62.378620] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.379796] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 62.380694] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 62.380805] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 62.382637] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 62.384335] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.385090] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.386556] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.387577] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 62.388629] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 62.389512] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 62.391194] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.392860] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 62.393785] Bluetooth: hci2: HCI_REQ-0x0c1a [ 62.399444] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 62.400954] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 62.401354] Bluetooth: hci4: HCI_REQ-0x0c1a [ 62.402013] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 62.405402] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 62.406103] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 62.407911] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 62.409965] 
Bluetooth: hci5: HCI_REQ-0x0c1a [ 62.414217] Bluetooth: hci7: HCI_REQ-0x0c1a [ 62.417248] Bluetooth: hci6: HCI_REQ-0x0c1a [ 64.344356] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 64.409632] Bluetooth: hci0: command 0x0409 tx timeout [ 64.409777] Bluetooth: hci1: command 0x0409 tx timeout [ 64.410622] Bluetooth: hci2: command 0x0409 tx timeout [ 64.472418] Bluetooth: hci7: command 0x0409 tx timeout [ 64.472487] Bluetooth: hci6: command 0x0409 tx timeout [ 64.474406] Bluetooth: hci5: command 0x0409 tx timeout [ 64.475792] Bluetooth: hci4: command 0x0409 tx timeout [ 66.456435] Bluetooth: hci2: command 0x041b tx timeout [ 66.457058] Bluetooth: hci1: command 0x041b tx timeout [ 66.457687] Bluetooth: hci0: command 0x041b tx timeout [ 66.520346] Bluetooth: hci5: command 0x041b tx timeout [ 66.520899] Bluetooth: hci6: command 0x041b tx timeout [ 66.521489] Bluetooth: hci7: command 0x041b tx timeout [ 66.522061] Bluetooth: hci4: command 0x041b tx timeout [ 68.504321] Bluetooth: hci0: command 0x040f tx timeout [ 68.504378] Bluetooth: hci1: command 0x040f tx timeout [ 68.504883] Bluetooth: hci2: command 0x040f tx timeout [ 68.568345] Bluetooth: hci4: command 0x040f tx timeout [ 68.568386] Bluetooth: hci7: command 0x040f tx timeout [ 68.569847] Bluetooth: hci6: command 0x040f tx timeout [ 68.569876] Bluetooth: hci5: command 0x040f tx timeout [ 69.593327] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 70.552313] Bluetooth: hci2: command 0x0419 tx timeout [ 70.552945] Bluetooth: hci1: command 0x0419 tx timeout [ 70.553885] Bluetooth: hci0: command 0x0419 tx timeout [ 70.616359] Bluetooth: hci7: command 0x0419 tx timeout [ 70.616963] Bluetooth: hci5: command 0x0419 tx timeout [ 70.617572] Bluetooth: hci6: command 0x0419 tx timeout [ 70.618144] Bluetooth: hci4: command 0x0419 tx timeout [ 74.201615] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 76.900105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.905112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 
76.928627] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.955487] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.959121] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.962992] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.975592] Bluetooth: hci3: HCI_REQ-0x0c1a [ 79.064381] Bluetooth: hci3: command 0x0409 tx timeout [ 81.113380] Bluetooth: hci3: command 0x041b tx timeout [ 83.161314] Bluetooth: hci3: command 0x040f tx timeout [ 85.209410] Bluetooth: hci3: command 0x0419 tx timeout [ 124.189500] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 124.192413] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 124.194925] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 124.199691] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 124.203637] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 124.205570] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 124.211838] Bluetooth: hci0: HCI_REQ-0x0c1a [ 124.254025] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 124.273556] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 124.284535] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 124.292033] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 124.300137] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 124.302942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 124.309384] Bluetooth: hci1: HCI_REQ-0x0c1a [ 124.531540] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 124.533168] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 124.643495] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 124.656735] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 124.657697] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 124.670194] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 124.680046] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 124.680875] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 
124.702548] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 124.724503] Bluetooth: hci4: HCI_REQ-0x0c1a [ 124.733509] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 124.743705] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 124.745770] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 124.761806] Bluetooth: hci7: HCI_REQ-0x0c1a [ 126.232372] Bluetooth: hci0: command 0x0409 tx timeout [ 126.361344] Bluetooth: hci1: command 0x0409 tx timeout [ 126.553558] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 126.556030] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 126.616359] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 126.745371] Bluetooth: hci4: command 0x0409 tx timeout [ 126.808414] Bluetooth: hci7: command 0x0409 tx timeout [ 128.282782] Bluetooth: hci0: command 0x041b tx timeout [ 128.408279] Bluetooth: hci1: command 0x041b tx timeout [ 128.792272] Bluetooth: hci4: command 0x041b tx timeout [ 128.856780] Bluetooth: hci7: command 0x041b tx timeout [ 129.504836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 129.511398] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 129.516744] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 129.524084] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 129.525154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 129.525965] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 129.526891] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 129.528439] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 129.529274] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 129.529988] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 129.532447] Bluetooth: hci6: HCI_REQ-0x0c1a [ 129.578393] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 129.580121] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 129.631712] Bluetooth: hci5: HCI_REQ-0x0c1a [ 130.328310] Bluetooth: hci0: command 0x040f tx timeout [ 130.456318] Bluetooth: hci1: command 
0x040f tx timeout [ 130.840313] Bluetooth: hci4: command 0x040f tx timeout [ 130.904471] Bluetooth: hci7: command 0x040f tx timeout [ 131.416319] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 131.545391] Bluetooth: hci6: command 0x0409 tx timeout [ 131.673324] Bluetooth: hci5: command 0x0409 tx timeout [ 132.377295] Bluetooth: hci0: command 0x0419 tx timeout [ 132.505329] Bluetooth: hci1: command 0x0419 tx timeout [ 132.889394] Bluetooth: hci4: command 0x0419 tx timeout [ 132.953285] Bluetooth: hci7: command 0x0419 tx timeout [ 133.592335] Bluetooth: hci6: command 0x041b tx timeout [ 133.720432] Bluetooth: hci5: command 0x041b tx timeout [ 133.959052] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 133.975921] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 133.979890] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 133.999421] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 134.012450] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 134.016831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 134.044437] Bluetooth: hci2: HCI_REQ-0x0c1a [ 135.640290] Bluetooth: hci6: command 0x040f tx timeout [ 135.768272] Bluetooth: hci5: command 0x040f tx timeout [ 136.088306] Bluetooth: hci2: command 0x0409 tx timeout [ 137.688298] Bluetooth: hci6: command 0x0419 tx timeout [ 137.816710] Bluetooth: hci5: command 0x0419 tx timeout [ 138.136344] Bluetooth: hci2: command 0x041b tx timeout [ 140.120483] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 140.184313] Bluetooth: hci2: command 0x040f tx timeout [ 142.232434] Bluetooth: hci2: command 0x0419 tx timeout [ 142.684713] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 142.686945] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 142.688204] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 142.690911] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 142.692613] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 142.693902] Bluetooth: hci3: unexpected cc 
0x0c38 length: 249 > 2 [ 142.698681] Bluetooth: hci3: HCI_REQ-0x0c1a [ 144.729312] Bluetooth: hci3: command 0x0409 tx timeout [ 146.776312] Bluetooth: hci3: command 0x041b tx timeout [ 148.825274] Bluetooth: hci3: command 0x040f tx timeout [ 150.872326] Bluetooth: hci3: command 0x0419 tx timeout 02:33:00 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:00 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:00 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:00 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:00 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:00 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, 
&(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:01 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 02:33:01 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) futimesat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) [ 186.163141] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 186.172904] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 186.194886] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 186.204908] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 186.210779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 186.214836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 186.223819] Bluetooth: hci0: HCI_REQ-0x0c1a [ 186.330920] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 186.335423] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 186.341718] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 186.346435] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 186.349555] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 186.350856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 186.355176] Bluetooth: hci1: HCI_REQ-0x0c1a [ 186.493036] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 186.504646] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 186.506938] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 186.516655] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 186.521477] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 186.522979] Bluetooth: hci4: unexpected 
cc 0x0c38 length: 249 > 2 [ 186.538424] Bluetooth: hci4: HCI_REQ-0x0c1a [ 187.486138] audit: type=1400 audit(1664418784.408:7): avc: denied { open } for pid=6681 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 187.487648] audit: type=1400 audit(1664418784.408:8): avc: denied { kernel } for pid=6681 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 187.494022] ------------[ cut here ]------------ [ 187.494042] [ 187.494045] ====================================================== [ 187.494049] WARNING: possible circular locking dependency detected [ 187.494053] 6.0.0-rc7-next-20220928 #1 Not tainted [ 187.494061] ------------------------------------------------------ [ 187.494064] syz-executor.7/6683 is trying to acquire lock: [ 187.494071] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 187.494114] [ 187.494114] but task is already holding lock: [ 187.494117] ffff88800dabbc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 187.494147] [ 187.494147] which lock already depends on the new lock. 
[ 187.494147] [ 187.494150] [ 187.494150] the existing dependency chain (in reverse order) is: [ 187.494153] [ 187.494153] -> #3 (&ctx->lock){....}-{2:2}: [ 187.494167] _raw_spin_lock+0x2a/0x40 [ 187.494181] __perf_event_task_sched_out+0x53b/0x18d0 [ 187.494194] __schedule+0xedd/0x2470 [ 187.494211] schedule+0xda/0x1b0 [ 187.494228] futex_wait_queue+0xf5/0x1e0 [ 187.494241] futex_wait+0x28e/0x690 [ 187.494252] do_futex+0x2ff/0x380 [ 187.494262] __x64_sys_futex+0x1c6/0x4d0 [ 187.494272] do_syscall_64+0x3b/0x90 [ 187.494283] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.494299] [ 187.494299] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 187.494313] _raw_spin_lock_nested+0x30/0x40 [ 187.494326] raw_spin_rq_lock_nested+0x1e/0x30 [ 187.494340] task_fork_fair+0x63/0x4d0 [ 187.494358] sched_cgroup_fork+0x3d0/0x540 [ 187.494373] copy_process+0x4183/0x6e20 [ 187.494384] kernel_clone+0xe7/0x890 [ 187.494394] user_mode_thread+0xad/0xf0 [ 187.494405] rest_init+0x24/0x250 [ 187.494419] arch_call_rest_init+0xf/0x14 [ 187.494440] start_kernel+0x4c6/0x4eb [ 187.494458] secondary_startup_64_no_verify+0xe0/0xeb [ 187.494473] [ 187.494473] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 187.494487] _raw_spin_lock_irqsave+0x39/0x60 [ 187.494500] try_to_wake_up+0xab/0x1930 [ 187.494514] up+0x75/0xb0 [ 187.494532] __up_console_sem+0x6e/0x80 [ 187.494549] console_unlock+0x46a/0x590 [ 187.494567] do_con_write+0xc05/0x1d50 [ 187.494580] con_write+0x21/0x40 [ 187.494591] n_tty_write+0x4d4/0xfe0 [ 187.494606] file_tty_write.constprop.0+0x455/0x8a0 [ 187.494620] vfs_write+0x9c3/0xd90 [ 187.494640] ksys_write+0x127/0x250 [ 187.494649] do_syscall_64+0x3b/0x90 [ 187.494660] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.494676] [ 187.494676] -> #0 ((console_sem).lock){....}-{2:2}: [ 187.494690] __lock_acquire+0x2a02/0x5e70 [ 187.494708] lock_acquire+0x1a2/0x530 [ 187.494726] _raw_spin_lock_irqsave+0x39/0x60 [ 187.494739] down_trylock+0xe/0x70 [ 187.494757] __down_trylock_console_sem+0x3b/0xd0 [ 187.494775] 
vprintk_emit+0x16b/0x560 [ 187.494793] vprintk+0x84/0xa0 [ 187.494811] _printk+0xba/0xf1 [ 187.494825] report_bug.cold+0x72/0xab [ 187.494835] handle_bug+0x3c/0x70 [ 187.494845] exc_invalid_op+0x14/0x50 [ 187.494856] asm_exc_invalid_op+0x16/0x20 [ 187.494871] group_sched_out.part.0+0x2c7/0x460 [ 187.494882] ctx_sched_out+0x8f1/0xc10 [ 187.494893] __perf_event_task_sched_out+0x6d0/0x18d0 [ 187.494906] __schedule+0xedd/0x2470 [ 187.494923] schedule+0xda/0x1b0 [ 187.494940] futex_wait_queue+0xf5/0x1e0 [ 187.494951] futex_wait+0x28e/0x690 [ 187.494962] do_futex+0x2ff/0x380 [ 187.494972] __x64_sys_futex+0x1c6/0x4d0 [ 187.494982] do_syscall_64+0x3b/0x90 [ 187.494993] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.495008] [ 187.495008] other info that might help us debug this: [ 187.495008] [ 187.495011] Chain exists of: [ 187.495011] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 187.495011] [ 187.495026] Possible unsafe locking scenario: [ 187.495026] [ 187.495028] CPU0 CPU1 [ 187.495031] ---- ---- [ 187.495033] lock(&ctx->lock); [ 187.495039] lock(&rq->__lock); [ 187.495046] lock(&ctx->lock); [ 187.495052] lock((console_sem).lock); [ 187.495058] [ 187.495058] *** DEADLOCK *** [ 187.495058] [ 187.495060] 2 locks held by syz-executor.7/6683: [ 187.495067] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 187.495100] #1: ffff88800dabbc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 187.495130] [ 187.495130] stack backtrace: [ 187.495133] CPU: 1 PID: 6683 Comm: syz-executor.7 Not tainted 6.0.0-rc7-next-20220928 #1 [ 187.495146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 187.495154] Call Trace: [ 187.495157] [ 187.495161] dump_stack_lvl+0x8b/0xb3 [ 187.495173] check_noncircular+0x263/0x2e0 [ 187.495192] ? format_decode+0x26c/0xb50 [ 187.495211] ? print_circular_bug+0x450/0x450 [ 187.495230] ? enable_ptr_key_workfn+0x20/0x20 [ 187.495249] ? 
__lockdep_reset_lock+0x180/0x180 [ 187.495268] ? format_decode+0x26c/0xb50 [ 187.495289] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 187.495308] __lock_acquire+0x2a02/0x5e70 [ 187.495341] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 187.495366] lock_acquire+0x1a2/0x530 [ 187.495385] ? down_trylock+0xe/0x70 [ 187.495406] ? lock_release+0x750/0x750 [ 187.495424] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 187.495448] ? vprintk+0x84/0xa0 [ 187.495468] _raw_spin_lock_irqsave+0x39/0x60 [ 187.495485] ? down_trylock+0xe/0x70 [ 187.495507] down_trylock+0xe/0x70 [ 187.495527] ? vprintk+0x84/0xa0 [ 187.495546] __down_trylock_console_sem+0x3b/0xd0 [ 187.495565] vprintk_emit+0x16b/0x560 [ 187.495584] ? lock_downgrade+0x6d0/0x6d0 [ 187.495604] vprintk+0x84/0xa0 [ 187.495624] _printk+0xba/0xf1 [ 187.495638] ? record_print_text.cold+0x16/0x16 [ 187.495655] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 187.495670] ? lock_downgrade+0x6d0/0x6d0 [ 187.495689] ? report_bug.cold+0x66/0xab [ 187.495701] ? group_sched_out.part.0+0x2c7/0x460 [ 187.495714] report_bug.cold+0x72/0xab [ 187.495727] handle_bug+0x3c/0x70 [ 187.495739] exc_invalid_op+0x14/0x50 [ 187.495751] asm_exc_invalid_op+0x16/0x20 [ 187.495766] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 187.495781] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 187.495792] RSP: 0018:ffff88803ec078f8 EFLAGS: 00010006 [ 187.495802] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 187.495810] RDX: ffff88801c1b5040 RSI: ffffffff815662f7 RDI: 0000000000000005 [ 187.495818] RBP: ffff88801db80000 R08: 0000000000000005 R09: 0000000000000001 [ 187.495826] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800dabbc00 [ 187.495833] R13: ffff88806cf3d140 R14: ffffffff8547c860 R15: 0000000000000002 [ 187.495845] ? group_sched_out.part.0+0x2c7/0x460 [ 187.495859] ? 
group_sched_out.part.0+0x2c7/0x460 [ 187.495874] ctx_sched_out+0x8f1/0xc10 [ 187.495888] __perf_event_task_sched_out+0x6d0/0x18d0 [ 187.495905] ? lock_is_held_type+0xd7/0x130 [ 187.495921] ? __perf_cgroup_move+0x160/0x160 [ 187.495935] ? set_next_entity+0x304/0x550 [ 187.495957] ? lock_is_held_type+0xd7/0x130 [ 187.495974] __schedule+0xedd/0x2470 [ 187.495995] ? io_schedule_timeout+0x150/0x150 [ 187.496014] ? futex_wait_setup+0x166/0x230 [ 187.496029] schedule+0xda/0x1b0 [ 187.496048] futex_wait_queue+0xf5/0x1e0 [ 187.496061] futex_wait+0x28e/0x690 [ 187.496075] ? futex_wait_setup+0x230/0x230 [ 187.496089] ? wake_up_q+0x8b/0xf0 [ 187.496104] ? do_raw_spin_unlock+0x4f/0x220 [ 187.496125] ? futex_wake+0x158/0x490 [ 187.496141] ? lock_downgrade+0x6d0/0x6d0 [ 187.496160] ? lock_is_held_type+0xd7/0x130 [ 187.496178] do_futex+0x2ff/0x380 [ 187.496190] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 187.496203] ? ktime_get+0x153/0x1f0 [ 187.496222] __x64_sys_futex+0x1c6/0x4d0 [ 187.496234] ? hrtimer_interrupt+0x5b0/0x770 [ 187.496249] ? __x64_sys_futex_time32+0x480/0x480 [ 187.496263] ? syscall_enter_from_user_mode+0x1d/0x50 [ 187.496279] ? 
syscall_enter_from_user_mode+0x1d/0x50 [ 187.496298] do_syscall_64+0x3b/0x90 [ 187.496310] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.496326] RIP: 0033:0x7fe7280eeb19 [ 187.496335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 187.496346] RSP: 002b:00007fe725664218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 187.496357] RAX: ffffffffffffffda RBX: 00007fe728201f68 RCX: 00007fe7280eeb19 [ 187.496366] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe728201f68 [ 187.496373] RBP: 00007fe728201f60 R08: 0000000000000000 R09: 0000000000000000 [ 187.496381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe728201f6c [ 187.496388] R13: 00007ffe65da984f R14: 00007fe725664300 R15: 0000000000022000 [ 187.496402] [ 187.558994] WARNING: CPU: 1 PID: 6683 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 187.559685] Modules linked in: [ 187.559929] CPU: 1 PID: 6683 Comm: syz-executor.7 Not tainted 6.0.0-rc7-next-20220928 #1 [ 187.560521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 187.561341] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 187.561745] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 187.563060] RSP: 0018:ffff88803ec078f8 EFLAGS: 00010006 [ 187.563472] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 187.563998] RDX: ffff88801c1b5040 RSI: ffffffff815662f7 RDI: 0000000000000005 [ 187.564518] RBP: ffff88801db80000 R08: 0000000000000005 R09: 0000000000000001 [ 187.565037] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800dabbc00 [ 187.565565] R13: ffff88806cf3d140 R14: ffffffff8547c860 R15: 0000000000000002 [ 187.566095] FS: 
00007fe725664700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 187.566681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 187.567112] CR2: 00007f2ceb3ed270 CR3: 000000001c230000 CR4: 0000000000350ee0 [ 187.567642] Call Trace: [ 187.567835] [ 187.568009] ctx_sched_out+0x8f1/0xc10 [ 187.568305] __perf_event_task_sched_out+0x6d0/0x18d0 [ 187.568695] ? lock_is_held_type+0xd7/0x130 [ 187.569027] ? __perf_cgroup_move+0x160/0x160 [ 187.569363] ? set_next_entity+0x304/0x550 [ 187.569689] ? lock_is_held_type+0xd7/0x130 [ 187.570019] __schedule+0xedd/0x2470 [ 187.570307] ? io_schedule_timeout+0x150/0x150 [ 187.570656] ? futex_wait_setup+0x166/0x230 [ 187.570981] schedule+0xda/0x1b0 [ 187.571242] futex_wait_queue+0xf5/0x1e0 [ 187.571556] futex_wait+0x28e/0x690 [ 187.571837] ? futex_wait_setup+0x230/0x230 [ 187.572163] ? wake_up_q+0x8b/0xf0 [ 187.572435] ? do_raw_spin_unlock+0x4f/0x220 [ 187.572773] ? futex_wake+0x158/0x490 [ 187.573065] ? lock_downgrade+0x6d0/0x6d0 [ 187.573378] ? lock_is_held_type+0xd7/0x130 [ 187.573703] do_futex+0x2ff/0x380 [ 187.573968] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 187.574390] ? ktime_get+0x153/0x1f0 [ 187.574683] __x64_sys_futex+0x1c6/0x4d0 [ 187.574988] ? hrtimer_interrupt+0x5b0/0x770 [ 187.575321] ? __x64_sys_futex_time32+0x480/0x480 [ 187.575703] ? syscall_enter_from_user_mode+0x1d/0x50 [ 187.576090] ? 
syscall_enter_from_user_mode+0x1d/0x50 [ 187.576482] do_syscall_64+0x3b/0x90 [ 187.576762] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.577150] RIP: 0033:0x7fe7280eeb19 [ 187.577431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 187.578758] RSP: 002b:00007fe725664218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 187.579314] RAX: ffffffffffffffda RBX: 00007fe728201f68 RCX: 00007fe7280eeb19 [ 187.579847] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe728201f68 [ 187.580374] RBP: 00007fe728201f60 R08: 0000000000000000 R09: 0000000000000000 [ 187.580895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe728201f6c [ 187.581419] R13: 00007ffe65da984f R14: 00007fe725664300 R15: 0000000000022000 [ 187.581945] [ 187.582124] irq event stamp: 484 [ 187.582378] hardirqs last enabled at (483): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 187.583090] hardirqs last disabled at (484): [] __schedule+0x1225/0x2470 [ 187.583710] softirqs last enabled at (456): [] __irq_exit_rcu+0x11b/0x180 [ 187.584334] softirqs last disabled at (441): [] __irq_exit_rcu+0x11b/0x180 [ 187.584966] ---[ end trace 0000000000000000 ]--- [ 188.248268] Bluetooth: hci0: command 0x0409 tx timeout [ 188.376262] Bluetooth: hci1: command 0x0409 tx timeout [ 188.569354] Bluetooth: hci4: command 0x0409 tx timeout [ 190.296358] Bluetooth: hci0: command 0x041b tx timeout [ 190.424333] Bluetooth: hci1: command 0x041b tx timeout [ 190.616320] Bluetooth: hci4: command 0x041b tx timeout [ 192.344302] Bluetooth: hci0: command 0x040f tx timeout [ 192.472266] Bluetooth: hci1: command 0x040f tx timeout [ 192.536292] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 192.664301] Bluetooth: hci4: command 0x040f tx timeout [ 193.526306] FAT-fs (loop6): bogus number of reserved sectors [ 193.526769] FAT-fs (loop6): Can't find a valid FAT filesystem [ 
193.546085] FAT-fs (loop6): bogus number of reserved sectors [ 193.546556] FAT-fs (loop6): Can't find a valid FAT filesystem [ 194.393269] Bluetooth: hci0: command 0x0419 tx timeout [ 194.520267] Bluetooth: hci1: command 0x0419 tx timeout [ 194.712307] Bluetooth: hci4: command 0x0419 tx timeout [ 196.889261] Bluetooth: hci5: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 02:33:04 Registers: