Warning: Permanently added '[localhost]:53541' (ECDSA) to the list of known hosts.
2022/09/13 13:01:57 fuzzer started
2022/09/13 13:01:57 dialing manager at localhost:36597
syzkaller login: [ 35.419738] cgroup: Unknown subsys name 'net'
[ 35.502515] cgroup: Unknown subsys name 'rlimit'
2022/09/13 13:02:11 syscalls: 2215
2022/09/13 13:02:11 code coverage: enabled
2022/09/13 13:02:11 comparison tracing: enabled
2022/09/13 13:02:11 extra coverage: enabled
2022/09/13 13:02:11 setuid sandbox: enabled
2022/09/13 13:02:11 namespace sandbox: enabled
2022/09/13 13:02:11 Android sandbox: enabled
2022/09/13 13:02:11 fault injection: enabled
2022/09/13 13:02:11 leak checking: enabled
2022/09/13 13:02:11 net packet injection: enabled
2022/09/13 13:02:11 net device setup: enabled
2022/09/13 13:02:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/13 13:02:11 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/13 13:02:11 USB emulation: enabled
2022/09/13 13:02:11 hci packet injection: enabled
2022/09/13 13:02:11 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913 )
2022/09/13 13:02:11 802.15.4 emulation: enabled
2022/09/13 13:02:11 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/13 13:02:11 fetching corpus: 50, signal 36114/38474 (executing program)
2022/09/13 13:02:11 fetching corpus: 100, signal 46886/49657 (executing program)
2022/09/13 13:02:12 fetching corpus: 150, signal 56014/58767 (executing program)
2022/09/13 13:02:12 fetching corpus: 200, signal 65538/67907 (executing program)
2022/09/13 13:02:12 fetching corpus: 250, signal 75146/76666 (executing program)
2022/09/13 13:02:12 fetching corpus: 300, signal 81236/82031 (executing program)
2022/09/13 13:02:12 fetching corpus: 312, signal 82740/83361 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83457 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83534 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83617 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83701 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83783 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83852 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83929 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/83993 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84083 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84172 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84267 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84365 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84443 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84535 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84612 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84707 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84789 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84866 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/84948 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85026 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85136 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85208 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85292 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85379 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85465 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85545 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85629 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85715 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85818 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85893 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/85980 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/86062 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/86146 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/86234 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/86247 (executing program)
2022/09/13 13:02:13 fetching corpus: 312, signal 82740/86247 (executing program)
2022/09/13 13:02:16 starting 8 fuzzer processes
13:02:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendfile(r1, r0, 0x0, 0x80000001)
13:02:16 executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000040)={0x0, 0x40})
13:02:16 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000002000)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000001f00)={0x18, 0x0, 0x4, 0x301, 0x0, 0x0, {}, [@nested={0x4, 0x6e}]}, 0x18}}, 0x0)
13:02:16 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000009c0)='loginuid\x00')
write$tun(r0, 0x0, 0x0)
13:02:16 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x35, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{}]}, 0x10)
[ 53.982284] audit: type=1400 audit(1663074136.167:6): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
13:02:16 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$sock_int(r0, 0x1, 0x30, 0x0, &(0x7f0000000080))
13:02:16 executing program 5:
memfd_create(0x0, 0x9)
13:02:16 executing program 6:
syslog(0x3, &(0x7f0000000080), 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
ioprio_get$pid(0x2, 0x0)
[ 55.326192] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 55.328011] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 55.330252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 55.332324] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 55.334205] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 55.337246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 55.339129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 55.340269] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 55.341515] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 55.343152] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 55.344489] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 55.345577] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 55.363559] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 55.371440] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 55.373188] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 55.375094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 55.376161] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 55.378101] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 55.379127] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 55.382824] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 55.383958] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 55.387797] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 55.388841] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 55.390168] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 55.393790] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 55.406823] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 55.412184] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 55.428281] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 55.430227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 55.432383] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 55.432410] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 55.433585] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 55.435773] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 55.436849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 55.438189] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 55.438359] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 55.440471] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 55.442394] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 55.444562] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 55.445554] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 55.447196] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 55.448921] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 55.450196] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 55.455290] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 55.456774] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 55.467450] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 55.474193] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 55.475003] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 55.510283] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 55.592271] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 55.622510] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 55.628326] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 55.641966] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 55.647941] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 55.657269] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 55.665247] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 57.405085] Bluetooth: hci1: command 0x0409 tx timeout
[ 57.468647] Bluetooth: hci4: command 0x0409 tx timeout
[ 57.468687] Bluetooth: hci6: command 0x0409 tx timeout
[ 57.532688] Bluetooth: hci0: command 0x0409 tx timeout
[ 57.532858] Bluetooth: hci2: command 0x0409 tx timeout
[ 57.533546] Bluetooth: hci3: command 0x0409 tx timeout
[ 57.533934] Bluetooth: hci5: command 0x0409 tx timeout
[ 57.724753] Bluetooth: hci7: command 0x0409 tx timeout
[ 59.453761] Bluetooth: hci1: command 0x041b tx timeout
[ 59.516773] Bluetooth: hci4: command 0x041b tx timeout
[ 59.516905] Bluetooth: hci6: command 0x041b tx timeout
[ 59.580752] Bluetooth: hci3: command 0x041b tx timeout
[ 59.581575] Bluetooth: hci2: command 0x041b tx timeout
[ 59.582223] Bluetooth: hci5: command 0x041b tx timeout
[ 59.582769] Bluetooth: hci0: command 0x041b tx timeout
[ 59.773716] Bluetooth: hci7: command 0x041b tx timeout
[ 61.501678] Bluetooth: hci1: command 0x040f tx timeout
[ 61.565781] Bluetooth: hci6: command 0x040f tx timeout
[ 61.567155] Bluetooth: hci4: command 0x040f tx timeout
[ 61.628683] Bluetooth: hci0: command 0x040f tx timeout
[ 61.628717] Bluetooth: hci5: command 0x040f tx timeout
[ 61.630785] Bluetooth: hci2: command 0x040f tx timeout
[ 61.631575] Bluetooth: hci3: command 0x040f tx timeout
[ 61.821680] Bluetooth: hci7: command 0x040f tx timeout
[ 63.549314] Bluetooth: hci1: command 0x0419 tx timeout
[ 63.613001] Bluetooth: hci4: command 0x0419 tx timeout
[ 63.613462] Bluetooth: hci6: command 0x0419 tx timeout
[ 63.676692] Bluetooth: hci0: command 0x0419 tx timeout
[ 63.676739] Bluetooth: hci3: command 0x0419 tx timeout
[ 63.678334] Bluetooth: hci2: command 0x0419 tx timeout
[ 63.678993] Bluetooth: hci5: command 0x0419 tx timeout
[ 63.868724] Bluetooth: hci7: command 0x0419 tx timeout
13:03:12 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$sock_int(r0, 0x1, 0x30, 0x0, &(0x7f0000000080))
13:03:12 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$sock_int(r0, 0x1, 0x30, 0x0, &(0x7f0000000080))
13:03:12 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$sock_int(r0, 0x1, 0x30, 0x0, &(0x7f0000000080))
13:03:12 executing program 7:
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
[ 110.740963] audit: type=1400 audit(1663074192.925:7): avc: denied { open } for pid=3744 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 110.743738] audit: type=1400 audit(1663074192.925:8): avc: denied { kernel } for pid=3744 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 110.771570] ------------[ cut here ]------------
[ 110.771606]
[ 110.771611] ======================================================
[ 110.771617] WARNING: possible circular locking dependency detected
[ 110.771624] 6.0.0-rc5-next-20220913 #1 Not tainted
[ 110.771635] ------------------------------------------------------
[ 110.771641] syz-executor.7/3745 is trying to acquire lock:
[ 110.771652] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 110.771712]
[ 110.771712] but task is already holding lock:
[ 110.771717] ffff88800db3d020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 110.771765]
[ 110.771765] which lock already depends on the new lock.
[ 110.771765]
[ 110.771770]
[ 110.771770] the existing dependency chain (in reverse order) is:
[ 110.771776]
[ 110.771776] -> #3 (&ctx->lock){....}-{2:2}:
[ 110.771801] _raw_spin_lock+0x2a/0x40
[ 110.771831] __perf_event_task_sched_out+0x53b/0x18d0
[ 110.771854] __schedule+0xedd/0x2470
[ 110.771872] schedule+0xda/0x1b0
[ 110.771889] exit_to_user_mode_prepare+0x114/0x1a0
[ 110.771926] syscall_exit_to_user_mode+0x19/0x40
[ 110.771958] do_syscall_64+0x48/0x90
[ 110.771983] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 110.772014]
[ 110.772014] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 110.772040] _raw_spin_lock_nested+0x30/0x40
[ 110.772067] raw_spin_rq_lock_nested+0x1e/0x30
[ 110.772090] task_fork_fair+0x63/0x4d0
[ 110.772122] sched_cgroup_fork+0x3d0/0x540
[ 110.772148] copy_process+0x3f9e/0x6df0
[ 110.772166] kernel_clone+0xe7/0x890
[ 110.772183] user_mode_thread+0xad/0xf0
[ 110.772202] rest_init+0x24/0x250
[ 110.772233] arch_call_rest_init+0xf/0x14
[ 110.772268] start_kernel+0x4c1/0x4e6
[ 110.772300] secondary_startup_64_no_verify+0xe0/0xeb
[ 110.772325]
[ 110.772325] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 110.772350] _raw_spin_lock_irqsave+0x39/0x60
[ 110.772378] try_to_wake_up+0xab/0x1920
[ 110.772402] up+0x75/0xb0
[ 110.772424] __up_console_sem+0x6e/0x80
[ 110.772452] console_unlock+0x46a/0x590
[ 110.772482] vt_ioctl+0x2822/0x2ca0
[ 110.772504] tty_ioctl+0x7c4/0x1700
[ 110.772524] __x64_sys_ioctl+0x19a/0x210
[ 110.772551] do_syscall_64+0x3b/0x90
[ 110.772575] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 110.772607]
[ 110.772607] -> #0 ((console_sem).lock){....}-{2:2}:
[ 110.772632] __lock_acquire+0x2a02/0x5e70
[ 110.772663] lock_acquire+0x1a2/0x530
[ 110.772693] _raw_spin_lock_irqsave+0x39/0x60
[ 110.772721] down_trylock+0xe/0x70
[ 110.772743] __down_trylock_console_sem+0x3b/0xd0
[ 110.772774] vprintk_emit+0x16b/0x560
[ 110.772805] vprintk+0x84/0xa0
[ 110.772835] _printk+0xba/0xf1
[ 110.772867] report_bug.cold+0x72/0xab
[ 110.772889] handle_bug+0x3c/0x70
[ 110.772913] exc_invalid_op+0x14/0x50
[ 110.772938] asm_exc_invalid_op+0x16/0x20
[ 110.772968] group_sched_out.part.0+0x2c7/0x460
[ 110.772987] ctx_sched_out+0x8f1/0xc10
[ 110.773005] __perf_event_task_sched_out+0x6d0/0x18d0
[ 110.773027] __schedule+0xedd/0x2470
[ 110.773045] schedule+0xda/0x1b0
[ 110.773062] exit_to_user_mode_prepare+0x114/0x1a0
[ 110.773098] syscall_exit_to_user_mode+0x19/0x40
[ 110.773130] do_syscall_64+0x48/0x90
[ 110.773154] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 110.773186]
[ 110.773186] other info that might help us debug this:
[ 110.773186]
[ 110.773191] Chain exists of:
[ 110.773191] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 110.773191]
[ 110.773218] Possible unsafe locking scenario:
[ 110.773218]
[ 110.773222]        CPU0                    CPU1
[ 110.773226]        ----                    ----
[ 110.773230]   lock(&ctx->lock);
[ 110.773240]                                lock(&rq->__lock);
[ 110.773252]                                lock(&ctx->lock);
[ 110.773263]   lock((console_sem).lock);
[ 110.773274]
[ 110.773274] *** DEADLOCK ***
[ 110.773274]
[ 110.773277] 2 locks held by syz-executor.7/3745:
[ 110.773290] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 110.773337] #1: ffff88800db3d020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 110.773388]
[ 110.773388] stack backtrace:
[ 110.773392] CPU: 1 PID: 3745 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220913 #1
[ 110.773415] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 110.773431] Call Trace:
[ 110.773436] <TASK>
[ 110.773443] dump_stack_lvl+0x8b/0xb3
[ 110.773469] check_noncircular+0x263/0x2e0
[ 110.773501] ? format_decode+0x26c/0xb50
[ 110.773527] ? print_circular_bug+0x450/0x450
[ 110.773559] ? enable_ptr_key_workfn+0x20/0x20
[ 110.773587] ? format_decode+0x26c/0xb50
[ 110.773616] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 110.773649] __lock_acquire+0x2a02/0x5e70
[ 110.773690] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 110.773732] lock_acquire+0x1a2/0x530
[ 110.773764] ? down_trylock+0xe/0x70
[ 110.773791] ? rcu_read_unlock+0x40/0x40
[ 110.773830] ? vprintk+0x84/0xa0
[ 110.773864] _raw_spin_lock_irqsave+0x39/0x60
[ 110.773893] ? down_trylock+0xe/0x70
[ 110.773919] down_trylock+0xe/0x70
[ 110.773943] ? vprintk+0x84/0xa0
[ 110.773976] __down_trylock_console_sem+0x3b/0xd0
[ 110.774008] vprintk_emit+0x16b/0x560
[ 110.774044] vprintk+0x84/0xa0
[ 110.774078] _printk+0xba/0xf1
[ 110.774134] ? record_print_text.cold+0x16/0x16
[ 110.774175] ? report_bug.cold+0x66/0xab
[ 110.774202] ? group_sched_out.part.0+0x2c7/0x460
[ 110.774223] report_bug.cold+0x72/0xab
[ 110.774250] handle_bug+0x3c/0x70
[ 110.774276] exc_invalid_op+0x14/0x50
[ 110.774303] asm_exc_invalid_op+0x16/0x20
[ 110.774335] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 110.774359] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 110.774380] RSP: 0018:ffff88801b907c48 EFLAGS: 00010006
[ 110.774397] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 110.774411] RDX: ffff88801a731ac0 RSI: ffffffff81566027 RDI: 0000000000000005
[ 110.774425] RBP: ffff88803d6f0000 R08: 0000000000000005 R09: 0000000000000001
[ 110.774439] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff88800db3d000
[ 110.774453] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 110.774473] ? group_sched_out.part.0+0x2c7/0x460
[ 110.774497] ? group_sched_out.part.0+0x2c7/0x460
[ 110.774521] ctx_sched_out+0x8f1/0xc10
[ 110.774544] __perf_event_task_sched_out+0x6d0/0x18d0
[ 110.774573] ? lock_is_held_type+0xd7/0x130
[ 110.774607] ? __perf_cgroup_move+0x160/0x160
[ 110.774629] ? set_next_entity+0x304/0x550
[ 110.774663] ? update_curr+0x267/0x740
[ 110.774698] ? lock_is_held_type+0xd7/0x130
[ 110.774732] __schedule+0xedd/0x2470
[ 110.774756] ? io_schedule_timeout+0x150/0x150
[ 110.774780] ? rcu_read_lock_sched_held+0x3e/0x80
[ 110.774817] schedule+0xda/0x1b0
[ 110.774838] exit_to_user_mode_prepare+0x114/0x1a0
[ 110.774876] syscall_exit_to_user_mode+0x19/0x40
[ 110.774910] do_syscall_64+0x48/0x90
[ 110.774937] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 110.774970] RIP: 0033:0x7fa1e528eb19
[ 110.774985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.775006] RSP: 002b:00007fa1e2804218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.775026] RAX: 0000000000000001 RBX: 00007fa1e53a1f68 RCX: 00007fa1e528eb19
[ 110.775040] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa1e53a1f6c
[ 110.775053] RBP: 00007fa1e53a1f60 R08: 000000000000000e R09: 0000000000000000
[ 110.775067] R10: 0000000000000005 R11: 0000000000000246 R12: 00007fa1e53a1f6c
[ 110.775080] R13: 00007ffe310508df R14: 00007fa1e2804300 R15: 0000000000022000
[ 110.775104] </TASK>
[ 110.875110] WARNING: CPU: 1 PID: 3745 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 110.876347] Modules linked in:
[ 110.876782] CPU: 1 PID: 3745 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220913 #1
[ 110.877872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 110.879381] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 110.880116] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 110.882535] RSP: 0018:ffff88801b907c48 EFLAGS: 00010006
[ 110.883252] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 110.884202] RDX: ffff88801a731ac0 RSI: ffffffff81566027 RDI: 0000000000000005
[ 110.885156] RBP: ffff88803d6f0000 R08: 0000000000000005 R09: 0000000000000001
[ 110.886121] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff88800db3d000
[ 110.887077] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 110.888049] FS: 00007fa1e2804700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 110.889122] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.889913] CR2: 000056367fb1a080 CR3: 000000001b198000 CR4: 0000000000350ee0
[ 110.890890] Call Trace:
[ 110.891243] <TASK>
[ 110.891566] ctx_sched_out+0x8f1/0xc10
[ 110.892107] __perf_event_task_sched_out+0x6d0/0x18d0
[ 110.892816] ? lock_is_held_type+0xd7/0x130
[ 110.893421] ? __perf_cgroup_move+0x160/0x160
[ 110.894038] ? set_next_entity+0x304/0x550
[ 110.894636] ? update_curr+0x267/0x740
[ 110.895188] ? lock_is_held_type+0xd7/0x130
[ 110.895789] __schedule+0xedd/0x2470
[ 110.896306] ? io_schedule_timeout+0x150/0x150
[ 110.896944] ? rcu_read_lock_sched_held+0x3e/0x80
[ 110.897622] schedule+0xda/0x1b0
[ 110.898118] exit_to_user_mode_prepare+0x114/0x1a0
[ 110.898807] syscall_exit_to_user_mode+0x19/0x40
[ 110.899459] do_syscall_64+0x48/0x90
[ 110.899985] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 110.900693] RIP: 0033:0x7fa1e528eb19
[ 110.901197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.903634] RSP: 002b:00007fa1e2804218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.904653] RAX: 0000000000000001 RBX: 00007fa1e53a1f68 RCX: 00007fa1e528eb19
[ 110.905618] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa1e53a1f6c
[ 110.906576] RBP: 00007fa1e53a1f60 R08: 000000000000000e R09: 0000000000000000
[ 110.907537] R10: 0000000000000005 R11: 0000000000000246 R12: 00007fa1e53a1f6c
[ 110.908504] R13: 00007ffe310508df R14: 00007fa1e2804300 R15: 0000000000022000
[ 110.909475] </TASK>
[ 110.909805] irq event stamp: 1098
[ 110.910290] hardirqs last enabled at (1097): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 110.911568] hardirqs last disabled at (1098): [] __schedule+0x1225/0x2470
[ 110.912683] softirqs last enabled at (778): [] __irq_exit_rcu+0x11b/0x180
[ 110.913832] softirqs last disabled at (745): [] __irq_exit_rcu+0x11b/0x180
[ 110.914989] ---[ end trace 0000000000000000 ]---
13:03:13 executing program 5:
memfd_create(0x0, 0x9)
[ 111.336802] syz-executor.7 (3745) used greatest stack depth: 24472 bytes left
13:03:13 executing program 7:
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
13:03:13 executing program 5:
memfd_create(0x0, 0x9)
13:03:13 executing program 5:
memfd_create(0x0, 0x9)
[ 111.894616] hrtimer: interrupt took 15429 ns
[ 118.524770] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 118.524766] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 118.524971] Bluetooth: hci2: Opcode 0x c03 failed: -110
VM DIAGNOSIS:
13:03:13 Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000033b60 RCX=1ffffffff0b5ff60 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=00007ff64b1ccd82 RSP=ffff88803d8774d0
R8 =0000000000000007 R9 =ffffffffff600000 R10=00007ff64b1cc000 R11=000000000003603d
R12=ffff88803d8775f0 R13=0000000000000000 R14=ffff88803bbcb580 R15=0000000000092cc0
RIP=ffffffff81314338 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff64b1ac1f0 CR3=000000001dbfa000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f
YMM01=0000000000000000 0000000000000000 6461657268747062 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 00302e6f732e6461 657268747062696c
YMM03=0000000000000000 0000000000000000 2f756e672d78756e 696c2d34365f3638
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822b25c1 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff88801b907698
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=000000000000000a R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b25b0
RIP=ffffffff822b2619 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fa1e2804700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000056367fb1a080 CR3=000000001b198000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007fa1e53757c0 00007fa1e53757c8
YMM02=0000000000000000 0000000000000000 00007fa1e53757e0 00007fa1e53757c0
YMM03=0000000000000000 0000000000000000 00007fa1e53757c8 00007fa1e53757c0
YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
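The lockdep block above is the substantive finding in this log: a WARN_ON at kernel/events/core.c:2309 fired inside group_sched_out() while the task held &ctx->lock under &rq->__lock on the schedule() path, and the printk that reports the bug tried to take (console_sem).lock. lockdep already had the reverse ordering recorded: console_unlock() wakes waiters through up() and try_to_wake_up(), which takes &p->pi_lock (the -> #1 stack), and pi_lock had been seen held before &rq->__lock and then &ctx->lock (the -> #2 and -> #3 stacks), so the new acquisition closes the cycle it prints as (console_sem).lock --> &rq->__lock --> &ctx->lock. As an added triage aid that is not part of this syzkaller log or of the kernel's own tooling, the Python below parses a report in exactly this layout into its fields and rebuilds the full lock cycle from the numbered chain. SAMPLE is a trimmed excerpt of the report above, constructed here so the script runs offline; the dict keys and function names are this example's own naming, and the timestamp prefix it strips is the one this log uses.

```python
"""Triage helper for a lockdep "possible circular locking dependency" splat.

Given the report text as the kernel printed it (dmesg timestamps included),
pull out the lock being acquired, the lock already held, the numbered
dependency chain, the locks the task holds and the WARN site, then rebuild
the full lock cycle and confirm it really closes. Added example; not part of
the syzkaller log above or of the kernel's own tooling.
"""
import re

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")          # "[ 110.771617] " prefix as in this log
# A lock class as lockdep prints it: "(name){usage}-{depth:type}". The name
# itself may contain parentheses, e.g. "((console_sem).lock){....}-{2:2}".
_LOCK = re.compile(r"\((.+?)\)\{[^}]*\}-\{\d+:\d+\}")
_DEP = re.compile(r"-> #(\d+) ")                   # "-> #3 (&ctx->lock){....}-{2:2}:"
_HELD = re.compile(r"#\d+: ")                      # "#0: ffff... (&rq->__lock){-.-.}-{2:2}, at: ..."
_WARN = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at (\S+) (\S+)")


def parse_lockdep_report(text):
    """Return a dict with the report's fields; unrelated log lines are ignored."""
    lines = [_TS.sub("", raw).strip() for raw in text.splitlines()]
    rep = {"acquiring": None, "holding": None, "deps": {}, "chain": [],
           "held": [], "warn_site": None}
    for i, s in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if s.endswith("is trying to acquire lock:"):
            rep["acquiring"] = _LOCK.search(nxt).group(1)
        elif s == "but task is already holding lock:":
            rep["holding"] = _LOCK.search(nxt).group(1)
        elif _DEP.match(s):
            # "-> #N (class)" header; the line under it is the innermost frame
            # that took this class when lockdep first recorded the edge.
            rep["deps"][int(_DEP.match(s).group(1))] = (_LOCK.search(s).group(1), nxt)
        elif s == "Chain exists of:":
            rep["chain"] = [p.strip() for p in nxt.split("-->")]
        elif _HELD.match(s):
            rep["held"].append(_LOCK.search(s).group(1))
        elif _WARN.match(s):
            cpu, pid, site, func = _WARN.match(s).groups()
            rep["warn_site"] = {"cpu": int(cpu), "pid": int(pid), "site": site, "func": func}
    return rep


def lock_cycle(rep):
    """Lock classes in held-before order: #0 is the class being acquired, the
    highest index is the one currently held, and taking #0 while holding the
    last one is the edge that closes the loop. Returns [] if it does not close."""
    order = [rep["deps"][k][0] for k in sorted(rep["deps"])]
    if not order or order[0] != rep["acquiring"] or order[-1] != rep["holding"]:
        return []
    # "Chain exists of:" is lockdep's abbreviated view of the same path, so it
    # must be a subsequence of the numbered chain; otherwise the parse is off.
    it = iter(order)
    if not all(any(n == c for n in it) for c in rep["chain"]):
        return []
    return order + [order[0]]


def triage_line(rep):
    """One-line summary suitable for a bug title or a dedup key."""
    cyc = lock_cycle(rep)
    if not cyc:
        return "not a closed lock cycle; re-check the report"
    w = rep["warn_site"]
    where = f"{w['site']} ({w['func']}) on CPU{w['cpu']} pid {w['pid']}" if w else "unknown site"
    return (f"WARN at {where}; acquiring {rep['acquiring']} under {rep['holding']}: "
            + " -> ".join(cyc))


# Constructed excerpt of the report above (one frame kept per lock class).
SAMPLE = """\
[  110.771617] WARNING: possible circular locking dependency detected
[  110.771641] syz-executor.7/3745 is trying to acquire lock:
[  110.771652] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  110.771712] but task is already holding lock:
[  110.771717] ffff88800db3d020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  110.771776] -> #3 (&ctx->lock){....}-{2:2}:
[  110.771801] _raw_spin_lock+0x2a/0x40
[  110.772014] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  110.772040] _raw_spin_lock_nested+0x30/0x40
[  110.772325] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  110.772350] _raw_spin_lock_irqsave+0x39/0x60
[  110.772607] -> #0 ((console_sem).lock){....}-{2:2}:
[  110.772632] __lock_acquire+0x2a02/0x5e70
[  110.773191] Chain exists of:
[  110.773191] (console_sem).lock --> &rq->__lock --> &ctx->lock
[  110.773277] 2 locks held by syz-executor.7/3745:
[  110.773290] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  110.773337] #1: ffff88800db3d020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  110.875110] WARNING: CPU: 1 PID: 3745 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
"""

if __name__ == "__main__":
    report = parse_lockdep_report(SAMPLE)
    print(triage_line(report))
```

The whole dmesg can be fed in unchanged, since lines that match none of the report headers are skipped. lock_cycle() is the guard worth keeping: lockdep's other report types (recursive locking, inconsistent IRQ-state usage) share some of these headers but never print a numbered chain whose ends are the acquired and held locks, so for those it returns [] and the triage line says so instead of inventing a deadlock.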