program:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x20081e, &(0x7f0000000100), 0x1, 0x502, &(0x7f0000000a00)="$eJzs3c9vI1cdAPCvnV9OmjZp6QEQokspLGi1TuJto6oHKCeEUCVEjyBtQ+KNothxFDulCXvY/g9IVOIER/4Azj3xJyC4cYEDEj8iULMSSFPNeLzrzdob7yaxs/HnI41m3ryxv+/t7rzn+W7iF8DYuhYR9yJiOiI+iIiF/Hwh3+Ld9pZe99nR3fXjo7vrhUiS9/9VyOrTc9H1mtQL+XuWIuLH34/4WeHxuM2Dw+21Wq261y7OLrXqu0vNg8ObW/W1zepmdadSWV1ZXX771luVc+vra/Xp9sFE2sBv/yJt1nxe192Pc/T/JDP1IE5qMiJ+eAHBRmEi78/0qBvCMylGxCsR8Xp2/y/ERPa3CQBcZUmyEMlCdxkAuOqKWQ6sUCznuYD5KBbL5XYO79WYK9YazdaNO439nY12rmwxpop3tmrV5TxXuBhThbS8kh0/LFdOlG9FxMsR8cuZ2axcXm/UNkb5wQcAxtgLJ+b//860538A4IorjboBAMDQmf8BYPyY/wFg/Jj/AWD8mP8BYPyY/wFg/Jj/AWCs/Oi999ItOc6//3rjw4P97caHNzeqze1yfX+9vN7Y2y1vNhqb2Xf21E97v1qjsbvyZux/tPid3WZrqXlweLve2N9p3c6+1/t2dWoovQIAnuTl1z79cyEi7r0zm23RtZaDuRqutuJZXjx7fu0Ahm9i1A0ARsZqXzC+zvCMLz0AV0SPJXofUXrkcT+/OkmS5GKbBVyg61+S/4dx1ZX/91PAMGbk/2F8DZr/Py0/ADx/kqQw6Jr/MeiFAMDlJscP9Hm+fyXf/y7/z4Gfbpy84pOLbBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcbp31f8v5WuDzUSyWyxEvRsRiTBXubNWqyxHxUkT8aWZqJi2vjLjNAMBZFf9eyNf/ur7wxvzJ2unC/ZlsHxE///X7v/pordXa+2N6/t8Pzrc+yc9XRtF+AOA0nXk623c9yH92dHe9sw2zPf/4XkSU2vGPj6bj+EH8yZjM9qWYioi5/xTycluhK3dxFvc+jogv9up/IeazHEh75dOT8dPYLw41fvGR+MWsrr1P/yy+8NSRk4VzaD481z5Nx593e91/xbiW7Xvf/6VshDq7fPxL32r9OBsDH8bvjH8Tfca/a4PGePMPP2gfzT5e93HElycjOrGPu8afTvxCn/hvDBj/L1/56uv96pLfRFyP3vG7Yy216rtLzYPDm1v1tc3qZnWnUlldWV1++9ZblaUsR73Ufzb45zs3XupXl/Z/rk/80in9/8aA/f/t/z74ydeeEP9bX+8VvxivPiF+Oid+c8D4a3O/L/WrS+Nv9Ox/R//+3xgw/l//dvjYsuEAwOg0Dw6312q16t4wDzofJIYa1MEVOEj/1VyCZvQ8+O6wYk3HU70qSZ4pVr8R4zyybsBl0L7Xk+peRNwfdWMAAAAAAAAAAAAAAICehvEbS6PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX5wEAAP//90HVog==")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0xffc9)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0423", @ANYRES64=0x0], 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x2ac00)
ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f0000008940)={0x0, {}, 0x0, {}, 0x2, 0x5, 0x6, 0x0, "9e959f16deab7b08aa26e66c4056a516950600000000000000eef4fb0efcc1d8a6078ed9d5f8643902dd8f6fac274de9d940ffa5e592bbd48685450d00002000", "f625c10e6e0080ffffffffffffffff7e904dc8df6aa3a893ec00347f41be6908", [0xa, 0x80000476]})
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x4}}, 0x20)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9d", 0x1cb}, {&(0x7f00000005c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859007067c10aa7352abbdf98e9bf033a4784a11e84639d3b9164d9c5d729f3dd409d39ff6d5cca97", 0x47}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000ecfd6cc1b3a9a9263506e88c5557069d0ca055991454ec1307b7411892a1beaef9ae54833107eb88b0411b1bc0ba9bc28d0eb6a73ad76be9facd1d9d82b6a3cc2040e84b398d279e50535b6557df8a633cfc7615fca9879b11834eb07eeb4278cab057f89b7464048cf573c21df5435e3b81aaba048fa4264d4c15513c91e9230a8e4b7635b58dc631604c311225f21db11c7101278ef4c7", 0xe2}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0), 0x0, 0x40000123, &(0x7f0000003700))
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x9, 0x40, 0x3, '\x00', 0x7})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x0, 0x7fff0000}]})
r8 = msgget$private(0x0, 0xc)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r9, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0000fa"], 0xe)
msgsnd(r8, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000020000000"], 0x8, 0x0)
msgrcv(r8, 0x0, 0x0, 0x2, 0x4800)

[   73.035096][ T4666] Bluetooth: hci0: command tx timeout
[   73.121576][ T5318] loop0: detected capacity change from 0 to 512
[   73.179675][ T5318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.199568][ T5318] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.309277][ T5318] loop0: detected capacity change from 512 to 511
[   73.327309][ T5318] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.0: bg 0: block 16368: padding at end of block bitmap is not set
[   73.348224][ T5318] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET)
[   75.080151][ T5299] Bluetooth: hci0: command tx timeout
[   75.321402][ T4666] ------------[ cut here ]------------
[   75.323948][ T4666] refcnt < 0
[   75.323957][ T4666] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xff/0x2c0, CPU#0: kworker/u5:1/4666
[   75.330618][ T4666] Modules linked in:
[   75.332542][ T4666] CPU: 0 UID: 0 PID: 4666 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   75.336435][ T4666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.340671][ T4666] Workqueue: hci0 hci_conn_timeout
[   75.342791][ T4666] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   75.345125][ T4666] Code: 48 89 df e8 33 93 09 00 eb 07 e8 5c a3 30 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 17 ae fe ff e8 42 a3 30 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.353256][ T4666] RSP: 0018:ffffc900035d7ad0 EFLAGS: 00010293
[   75.355973][ T4666] RAX: ffffffff8a93e44e RBX: ffff888037f90000 RCX: ffff888000130000
[   75.359629][ T4666] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   75.363226][ T4666] RBP: 00000000ffffffff R08: ffff888037f90013 R09: 1ffff11006ff2002
[   75.366850][ T4666] R10: dffffc0000000000 R11: ffffed1006ff2003 R12: dffffc0000000000
[   75.370485][ T4666] R13: ffff888000652018 R14: ffff888037f90a40 R15: ffff888037f90010
[   75.374068][ T4666] FS:  0000000000000000(0000) GS:ffff88808cabd000(0000) knlGS:0000000000000000
[   75.378168][ T4666] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.381112][ T4666] CR2: 0000200000003700 CR3: 0000000044492000 CR4: 0000000000352ef0
[   75.384509][ T4666] Call Trace:
[   75.386000][ T4666]  <TASK>
[   75.387302][ T4666]  ? process_scheduled_works+0xa0f/0x17a0
[   75.390027][ T4666]  process_scheduled_works+0xaec/0x17a0
[   75.392572][ T4666]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.395198][ T4666]  ? do_raw_spin_lock+0x12b/0x2f0
[   75.397562][ T4666]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   75.402569][ T4666]  worker_thread+0xda6/0x1360
[   75.405041][ T4666]  ? __kthread_parkme+0x19c/0x1f0
[   75.407266][ T4666]  kthread+0x388/0x470
[   75.409171][ T4666]  ? __pfx_worker_thread+0x10/0x10
[   75.411534][ T4666]  ? __pfx_kthread+0x10/0x10
[   75.413662][ T4666]  ret_from_fork+0x51e/0xb90
[   75.415727][ T4666]  ? __pfx_ret_from_fork+0x10/0x10
[   75.418037][ T4666]  ? __switch_to+0xc7d/0x1400
[   75.420378][ T4666]  ? __pfx_kthread+0x10/0x10
[   75.422489][ T4666]  ret_from_fork_asm+0x1a/0x30
[   75.424596][ T4666]  </TASK>
[   75.425918][ T4666] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.428839][ T4666] CPU: 0 UID: 0 PID: 4666 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   75.432717][ T4666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.437070][ T4666] Workqueue: hci0 hci_conn_timeout
[   75.439296][ T4666] Call Trace:
[   75.440858][ T4666]  <TASK>
[   75.442250][ T4666]  vpanic+0x1e0/0x670
[   75.444107][ T4666]  panic+0xc5/0xd0
[   75.445637][ T4666]  ? __pfx_panic+0x10/0x10
[   75.447699][ T4666]  ? ret_from_fork_asm+0x1a/0x30
[   75.449883][ T4666]  __warn+0x315/0x4a0
[   75.451657][ T4666]  ? hci_conn_timeout+0xff/0x2c0
[   75.453809][ T4666]  ? hci_conn_timeout+0xff/0x2c0
[   75.455976][ T4666]  __report_bug+0x29a/0x540
[   75.457807][ T4666]  ? hci_conn_timeout+0xff/0x2c0
[   75.459847][ T4666]  ? __pfx___report_bug+0x10/0x10
[   75.462020][ T4666]  ? add_lock_to_list+0xc7/0x100
[   75.464226][ T4666]  ? lockdep_unlock+0x5d/0xd0
[   75.466341][ T4666]  ? __lock_acquire+0x146e/0x2cf0
[   75.468532][ T4666]  ? hci_conn_timeout+0xff/0x2c0
[   75.470659][ T4666]  report_bug+0x16a/0x220
[   75.472563][ T4666]  ? hci_conn_timeout+0xff/0x2c0
[   75.475015][ T4666]  ? hci_conn_timeout+0x101/0x2c0
[   75.477173][ T4666]  handle_bug+0x98/0x200
[   75.478996][ T4666]  exc_invalid_op+0x1a/0x50
[   75.480987][ T4666]  asm_exc_invalid_op+0x1a/0x20
[   75.483213][ T4666] RIP: 0010:hci_conn_timeout+0xff/0x2c0
[   75.485792][ T4666] Code: 48 89 df e8 33 93 09 00 eb 07 e8 5c a3 30 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 17 ae fe ff e8 42 a3 30 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff
[   75.492793][ T4666] RSP: 0018:ffffc900035d7ad0 EFLAGS: 00010293
[   75.495255][ T4666] RAX: ffffffff8a93e44e RBX: ffff888037f90000 RCX: ffff888000130000
[   75.498723][ T4666] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   75.502173][ T4666] RBP: 00000000ffffffff R08: ffff888037f90013 R09: 1ffff11006ff2002
[   75.505395][ T4666] R10: dffffc0000000000 R11: ffffed1006ff2003 R12: dffffc0000000000
[   75.508686][ T4666] R13: ffff888000652018 R14: ffff888037f90a40 R15: ffff888037f90010
[   75.511994][ T4666]  ? hci_conn_timeout+0xfe/0x2c0
[   75.514061][ T4666]  ? process_scheduled_works+0xa0f/0x17a0
[   75.516186][ T4666]  process_scheduled_works+0xaec/0x17a0
[   75.518576][ T4666]  ? __pfx_process_scheduled_works+0x10/0x10
[   75.521270][ T4666]  ? do_raw_spin_lock+0x12b/0x2f0
[   75.523548][ T4666]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   75.525957][ T4666]  worker_thread+0xda6/0x1360
[   75.527971][ T4666]  ? __kthread_parkme+0x19c/0x1f0
[   75.530169][ T4666]  kthread+0x388/0x470
[   75.532007][ T4666]  ? __pfx_worker_thread+0x10/0x10
[   75.534244][ T4666]  ? __pfx_kthread+0x10/0x10
[   75.536262][ T4666]  ret_from_fork+0x51e/0xb90
[   75.538277][ T4666]  ? __pfx_ret_from_fork+0x10/0x10
[   75.540600][ T4666]  ? __switch_to+0xc7d/0x1400
[   75.542682][ T4666]  ? __pfx_kthread+0x10/0x10
[   75.544851][ T4666]  ret_from_fork_asm+0x1a/0x30
[   75.546791][ T4666]  </TASK>
[   75.548469][ T4666] Kernel Offset: disabled
[   75.550339][ T4666] Rebooting in 86400 seconds..