Warning: Permanently added '[localhost]:21397' (ECDSA) to the list of known hosts.
2022/09/14 11:38:39 fuzzer started
2022/09/14 11:38:39 dialing manager at localhost:33849
syzkaller login: [ 44.666815] cgroup: Unknown subsys name 'net'
[ 44.762268] cgroup: Unknown subsys name 'rlimit'
2022/09/14 11:38:53 syscalls: 2215
2022/09/14 11:38:53 code coverage: enabled
2022/09/14 11:38:53 comparison tracing: enabled
2022/09/14 11:38:53 extra coverage: enabled
2022/09/14 11:38:53 setuid sandbox: enabled
2022/09/14 11:38:53 namespace sandbox: enabled
2022/09/14 11:38:53 Android sandbox: enabled
2022/09/14 11:38:53 fault injection: enabled
2022/09/14 11:38:53 leak checking: enabled
2022/09/14 11:38:53 net packet injection: enabled
2022/09/14 11:38:53 net device setup: enabled
2022/09/14 11:38:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/14 11:38:53 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/14 11:38:53 USB emulation: enabled
2022/09/14 11:38:53 hci packet injection: enabled
2022/09/14 11:38:53 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220914)
2022/09/14 11:38:53 802.15.4 emulation: enabled
2022/09/14 11:38:53 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/14 11:38:54 fetching corpus: 43, signal 28122/31422 (executing program)
2022/09/14 11:38:54 fetching corpus: 93, signal 41385/45861 (executing program)
2022/09/14 11:38:54 fetching corpus: 143, signal 51148/56572 (executing program)
2022/09/14 11:38:54 fetching corpus: 193, signal 61634/67705 (executing program)
2022/09/14 11:38:54 fetching corpus: 240, signal 68828/75531 (executing program)
2022/09/14 11:38:54 fetching corpus: 290, signal 73526/80940 (executing program)
2022/09/14 11:38:54 fetching corpus: 339, signal 78151/86061 (executing program)
2022/09/14 11:38:54 fetching corpus: 388, signal 81200/89722 (executing program)
2022/09/14 11:38:55 fetching corpus: 438, signal 84517/93480 (executing program)
2022/09/14 11:38:55 fetching corpus: 488, signal 90137/99207 (executing program)
2022/09/14 11:38:55 fetching corpus: 535, signal 96506/105384 (executing program)
2022/09/14 11:38:55 fetching corpus: 585, signal 100009/109019 (executing program)
2022/09/14 11:38:55 fetching corpus: 633, signal 101713/111117 (executing program)
2022/09/14 11:38:55 fetching corpus: 683, signal 105272/114639 (executing program)
2022/09/14 11:38:56 fetching corpus: 733, signal 108350/117692 (executing program)
2022/09/14 11:38:56 fetching corpus: 777, signal 111714/121110 (executing program)
2022/09/14 11:38:56 fetching corpus: 826, signal 115408/124417 (executing program)
2022/09/14 11:38:56 fetching corpus: 874, signal 117338/126354 (executing program)
2022/09/14 11:38:56 fetching corpus: 924, signal 119326/128204 (executing program)
2022/09/14 11:38:56 fetching corpus: 973, signal 120792/129740 (executing program)
2022/09/14 11:38:57 fetching corpus: 1023, signal 123523/132202 (executing program)
2022/09/14 11:38:57 fetching corpus: 1072, signal 126813/134850 (executing program)
2022/09/14 11:38:57 fetching corpus: 1122, signal 128432/136328 (executing program)
2022/09/14 11:38:57 fetching corpus: 1170, signal 129348/137273 (executing program)
2022/09/14 11:38:57 fetching corpus: 1220, signal 130628/138443 (executing program)
2022/09/14 11:38:57 fetching corpus: 1270, signal 133117/140273 (executing program)
2022/09/14 11:38:57 fetching corpus: 1319, signal 135545/142063 (executing program)
2022/09/14 11:38:58 fetching corpus: 1369, signal 136647/142980 (executing program)
2022/09/14 11:38:58 fetching corpus: 1419, signal 138368/144404 (executing program)
2022/09/14 11:38:58 fetching corpus: 1468, signal 139632/145305 (executing program)
2022/09/14 11:38:58 fetching corpus: 1518, signal 141195/146379 (executing program)
2022/09/14 11:38:58 fetching corpus: 1568, signal 142600/147315 (executing program)
2022/09/14 11:38:58 fetching corpus: 1618, signal 143994/148156 (executing program)
2022/09/14 11:38:59 fetching corpus: 1668, signal 145318/148955 (executing program)
2022/09/14 11:38:59 fetching corpus: 1717, signal 147308/150064 (executing program)
2022/09/14 11:38:59 fetching corpus: 1754, signal 148355/150653 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/150712 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/150767 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/150823 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/150889 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/150958 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151025 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151090 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151138 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151209 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151254 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151307 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151372 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151434 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151478 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151547 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151607 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151674 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151737 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151791 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151843 (executing program)
2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151902
(executing program) 2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/151970 (executing program) 2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/152035 (executing program) 2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/152080 (executing program) 2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/152132 (executing program) 2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/152194 (executing program) 2022/09/14 11:38:59 fetching corpus: 1755, signal 148367/152262 (executing program) 2022/09/14 11:38:59 fetching corpus: 1756, signal 148370/152330 (executing program) 2022/09/14 11:38:59 fetching corpus: 1756, signal 148370/152389 (executing program) 2022/09/14 11:38:59 fetching corpus: 1756, signal 148370/152447 (executing program) 2022/09/14 11:38:59 fetching corpus: 1756, signal 148370/152507 (executing program) 2022/09/14 11:38:59 fetching corpus: 1756, signal 148370/152559 (executing program) 2022/09/14 11:38:59 fetching corpus: 1756, signal 148370/152559 (executing program) 2022/09/14 11:39:02 starting 8 fuzzer processes 11:39:02 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0xad, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)={0x1090c0}, 0x18) 11:39:02 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, 
&(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="8751252b39c0f0a3727a0077010000000000000010000000", @ANYRES32=r2, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r1, 0x0, 0xfffffdef) 11:39:02 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) 11:39:02 executing program 4: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @random="786634e842a3", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @broadcast, @broadcast, @local, @multicast2}}}}, 0x0) 11:39:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x24, r1, 0x87d27e71721737b5, 0x0, 0x0, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8}]}, 0x24}}, 0x0) 11:39:02 executing program 6: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$RTC_EPOCH_SET(r2, 0x4008700e, 0xff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000200)={0x7, 0x0, 0x40}) getpid() syncfs(r1) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)={0x0, 0x4, 0x7fff}) 11:39:02 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x66}, [], {0x14}}, 0x28}}, 0x0) [ 66.852898] audit: type=1400 audit(1663155542.837:6): avc: denied { execmem } for pid=287 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:39:02 executing program 7: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r0, 0x0, 0x0, 0x0) [ 68.121564] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.125716] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.127413] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.131234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.133618] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.135294] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.141024] Bluetooth: hci0: HCI_REQ-0x0c1a [ 68.165986] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.167760] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.170830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.174586] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.177816] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.178996] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.182022] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.182237] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.185801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.191162] Bluetooth: hci1: HCI_REQ-0x0c1a [ 68.199991] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.205222] Bluetooth: 
hci2: unexpected cc 0x0c25 length: 249 > 3
[ 68.207835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 68.230554] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 68.230813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 68.233238] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 68.235344] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 68.244220] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 68.247619] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 68.249104] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 68.253779] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 68.264546] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 68.266114] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 68.272220] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 68.275515] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 68.277730] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 68.278795] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 68.283852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 68.284531] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 68.292066] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 68.296772] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 68.298975] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 68.308185] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 68.322003] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 68.331978] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 68.339858] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 68.348044] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 68.349546] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 68.353405] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 68.355772] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 68.358124] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 68.362882] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 70.193508] Bluetooth: hci0: command 0x0409 tx timeout
[ 70.256976] Bluetooth: hci2: command 0x0409 tx timeout
[ 70.257044] Bluetooth: hci5: command 0x0409 tx timeout
[ 70.257549] Bluetooth: hci1: command 0x0409 tx timeout
[ 70.258583] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 70.385045] Bluetooth: hci6: command 0x0409 tx timeout
[ 70.386027] Bluetooth: hci4: command 0x0409 tx timeout
[ 70.386031] Bluetooth: hci7: command 0x0409 tx timeout
[ 72.241967] Bluetooth: hci0: command 0x041b tx timeout
[ 72.304975] Bluetooth: hci1: command 0x041b tx timeout
[ 72.306073] Bluetooth: hci5: command 0x041b tx timeout
[ 72.306555] Bluetooth: hci2: command 0x041b tx timeout
[ 72.433061] Bluetooth: hci7: command 0x041b tx timeout
[ 72.433885] Bluetooth: hci4: command 0x041b tx timeout
[ 72.434846] Bluetooth: hci6: command 0x041b tx timeout
[ 73.455769] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 73.458145] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 73.460885] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 73.468797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 73.475115] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 73.478734] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.488803] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 74.288955] Bluetooth: hci0: command 0x040f tx timeout
[ 74.353028] Bluetooth: hci2: command 0x040f tx timeout
[ 74.353485] Bluetooth: hci5: command 0x040f tx timeout
[ 74.353946] Bluetooth: hci1: command 0x040f tx timeout
[ 74.481238] Bluetooth: hci6: command 0x040f tx timeout
[ 74.481773] Bluetooth: hci4: command 0x040f tx timeout
[ 74.482604] Bluetooth: hci7: command 0x040f tx timeout
[ 75.506054] Bluetooth: hci3: command 0x0409 tx timeout
[ 76.337043] Bluetooth: hci0: command 0x0419 tx timeout
[ 76.401131] Bluetooth: hci1: command 0x0419 tx timeout
[ 76.401856] Bluetooth: hci5: command 0x0419 tx timeout
[ 76.402567] Bluetooth: hci2: command 0x0419 tx timeout
[ 76.529050] Bluetooth: hci7: command 0x0419 tx timeout
[ 76.529879] Bluetooth: hci4: command 0x0419 tx timeout
[ 76.532870] Bluetooth: hci6: command 0x0419 tx timeout
[ 77.553083] Bluetooth: hci3: command 0x041b tx timeout
[ 79.600999] Bluetooth: hci3: command 0x040f tx timeout
[ 81.649003] Bluetooth: hci3: command 0x0419 tx timeout
[ 124.318450] loop1: detected capacity change from 0 to 40
[ 124.362423] audit: type=1400 audit(1663155600.347:7): avc: denied { open } for pid=3803 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 124.372339] audit: type=1400 audit(1663155600.357:8): avc: denied { kernel } for pid=3803 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 124.384382] ------------[ cut here ]------------
[ 124.384401]
[ 124.384404] ======================================================
[ 124.384407] WARNING: possible circular locking dependency detected
[ 124.384411] 6.0.0-rc5-next-20220914 #1 Not tainted
[ 124.384417] ------------------------------------------------------
[ 124.384420] syz-executor.1/3804 is trying to acquire lock:
[ 124.384426] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 124.384462]
[ 124.384462] but task is already holding lock:
[ 124.384464] ffff88803e204c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 124.384491]
[ 124.384491] which lock already depends on the new lock.
[ 124.384491]
[ 124.384494]
[ 124.384494] the existing dependency chain (in reverse order) is:
[ 124.384497]
[ 124.384497] -> #3 (&ctx->lock){....}-{2:2}:
[ 124.384511]        _raw_spin_lock+0x2a/0x40
[ 124.384527]        __perf_event_task_sched_out+0x53b/0x18d0
[ 124.384539]        __schedule+0xedd/0x2470
[ 124.384549]        schedule+0xda/0x1b0
[ 124.384559]        exit_to_user_mode_prepare+0x114/0x1a0
[ 124.384578]        syscall_exit_to_user_mode+0x19/0x40
[ 124.384595]        do_syscall_64+0x48/0x90
[ 124.384609]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.384625]
[ 124.384625] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 124.384639]        _raw_spin_lock_nested+0x30/0x40
[ 124.384654]        raw_spin_rq_lock_nested+0x1e/0x30
[ 124.384666]        task_fork_fair+0x63/0x4d0
[ 124.384682]        sched_cgroup_fork+0x3d0/0x540
[ 124.384696]        copy_process+0x4183/0x6e20
[ 124.384706]        kernel_clone+0xe7/0x890
[ 124.384715]        user_mode_thread+0xad/0xf0
[ 124.384725]        rest_init+0x24/0x250
[ 124.384744]        arch_call_rest_init+0xf/0x14
[ 124.384758]        start_kernel+0x4c1/0x4e6
[ 124.384768]        secondary_startup_64_no_verify+0xe0/0xeb
[ 124.384781]
[ 124.384781] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 124.384795]        _raw_spin_lock_irqsave+0x39/0x60
[ 124.384810]        try_to_wake_up+0xab/0x1920
[ 124.384823]        up+0x75/0xb0
[ 124.384834]        __up_console_sem+0x6e/0x80
[ 124.384849]        console_unlock+0x46a/0x590
[ 124.384864]        vprintk_emit+0x1bd/0x560
[ 124.384880]        vprintk+0x84/0xa0
[ 124.384896]        _printk+0xba/0xf1
[ 124.384916]        kauditd_hold_skb.cold+0x3f/0x4e
[ 124.384929]        kauditd_send_queue+0x233/0x290
[ 124.384946]        kauditd_thread+0x5da/0x9a0
[ 124.384960]        kthread+0x2ed/0x3a0
[ 124.384974]        ret_from_fork+0x22/0x30
[ 124.384986]
[ 124.384986] -> #0 ((console_sem).lock){....}-{2:2}:
[ 124.385000]        __lock_acquire+0x2a02/0x5e70
[ 124.385016]        lock_acquire+0x1a2/0x530
[ 124.385031]        _raw_spin_lock_irqsave+0x39/0x60
[ 124.385046]        down_trylock+0xe/0x70
[ 124.385057]        __down_trylock_console_sem+0x3b/0xd0
[ 124.385073]        vprintk_emit+0x16b/0x560
[ 124.385089]        vprintk+0x84/0xa0
[ 124.385104]        _printk+0xba/0xf1
[ 124.385120]        report_bug.cold+0x72/0xab
[ 124.385132]        handle_bug+0x3c/0x70
[ 124.385145]        exc_invalid_op+0x14/0x50
[ 124.385157]        asm_exc_invalid_op+0x16/0x20
[ 124.385173]        group_sched_out.part.0+0x2c7/0x460
[ 124.385183]        ctx_sched_out+0x8f1/0xc10
[ 124.385193]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 124.385205]        __schedule+0xedd/0x2470
[ 124.385214]        schedule+0xda/0x1b0
[ 124.385224]        exit_to_user_mode_prepare+0x114/0x1a0
[ 124.385242]        syscall_exit_to_user_mode+0x19/0x40
[ 124.385259]        do_syscall_64+0x48/0x90
[ 124.385271]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.385288]
[ 124.385288] other info that might help us debug this:
[ 124.385288]
[ 124.385290] Chain exists of:
[ 124.385290]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 124.385290]
[ 124.385305]  Possible unsafe locking scenario:
[ 124.385305]
[ 124.385307]        CPU0                    CPU1
[ 124.385309]        ----                    ----
[ 124.385312]   lock(&ctx->lock);
[ 124.385317]                                lock(&rq->__lock);
[ 124.385323]                                lock(&ctx->lock);
[ 124.385330]   lock((console_sem).lock);
[ 124.385335]
[ 124.385335]  *** DEADLOCK ***
[ 124.385335]
[ 124.385337] 2 locks held by syz-executor.1/3804:
[ 124.385344]  #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 124.385370]  #1: ffff88803e204c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 124.385398]
[ 124.385398] stack backtrace:
[ 124.385401] CPU: 1 PID: 3804 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220914 #1
[ 124.385413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 124.385421] Call Trace:
[ 124.385424]
[ 124.385429]  dump_stack_lvl+0x8b/0xb3
[ 124.385443]  check_noncircular+0x263/0x2e0
[ 124.385459]  ? format_decode+0x26c/0xb50
[ 124.385475]  ? print_circular_bug+0x450/0x450
[ 124.385491]  ? enable_ptr_key_workfn+0x20/0x20
[ 124.385506]  ? format_decode+0x26c/0xb50
[ 124.385521]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 124.385539]  __lock_acquire+0x2a02/0x5e70
[ 124.385560]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 124.385582]  lock_acquire+0x1a2/0x530
[ 124.385598]  ? down_trylock+0xe/0x70
[ 124.385612]  ? rcu_read_unlock+0x40/0x40
[ 124.385633]  ? vprintk+0x84/0xa0
[ 124.385650]  _raw_spin_lock_irqsave+0x39/0x60
[ 124.385665]  ? down_trylock+0xe/0x70
[ 124.385679]  down_trylock+0xe/0x70
[ 124.385692]  ? vprintk+0x84/0xa0
[ 124.385708]  __down_trylock_console_sem+0x3b/0xd0
[ 124.385725]  vprintk_emit+0x16b/0x560
[ 124.385744]  vprintk+0x84/0xa0
[ 124.385761]  _printk+0xba/0xf1
[ 124.385778]  ? record_print_text.cold+0x16/0x16
[ 124.385799]  ? report_bug.cold+0x66/0xab
[ 124.385813]  ? group_sched_out.part.0+0x2c7/0x460
[ 124.385825]  report_bug.cold+0x72/0xab
[ 124.385845]  handle_bug+0x3c/0x70
[ 124.385859]  exc_invalid_op+0x14/0x50
[ 124.385873]  asm_exc_invalid_op+0x16/0x20
[ 124.385890] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 124.385904] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 124.385915] RSP: 0018:ffff888015e0fc48 EFLAGS: 00010006
[ 124.385924] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 124.385932] RDX: ffff88803a403580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 124.385939] RBP: ffff888020478000 R08: 0000000000000005 R09: 0000000000000001
[ 124.385947] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88803e204c00
[ 124.385954] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 124.385965]  ? group_sched_out.part.0+0x2c7/0x460
[ 124.385978]  ? group_sched_out.part.0+0x2c7/0x460
[ 124.385991]  ctx_sched_out+0x8f1/0xc10
[ 124.386003]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 124.386019]  ? lock_is_held_type+0xd7/0x130
[ 124.386037]  ? __perf_cgroup_move+0x160/0x160
[ 124.386048]  ? set_next_entity+0x304/0x550
[ 124.386066]  ? update_curr+0x267/0x740
[ 124.386083]  ? lock_is_held_type+0xd7/0x130
[ 124.386102]  __schedule+0xedd/0x2470
[ 124.386115]  ? io_schedule_timeout+0x150/0x150
[ 124.386128]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 124.386147]  schedule+0xda/0x1b0
[ 124.386158]  exit_to_user_mode_prepare+0x114/0x1a0
[ 124.386178]  syscall_exit_to_user_mode+0x19/0x40
[ 124.386196]  do_syscall_64+0x48/0x90
[ 124.386210]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.386227] RIP: 0033:0x7fdd35a6fb19
[ 124.386236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 124.386247] RSP: 002b:00007fdd32fe5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.386257] RAX: 0000000000000001 RBX: 00007fdd35b82f68 RCX: 00007fdd35a6fb19
[ 124.386265] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdd35b82f6c
[ 124.386272] RBP: 00007fdd35b82f60 R08: 000000000000000e R09: 0000000000000000
[ 124.386279] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fdd35b82f6c
[ 124.386286] R13: 00007fff2706cdcf R14: 00007fdd32fe5300 R15: 0000000000022000
[ 124.386299]
[ 124.441374] WARNING: CPU: 1 PID: 3804 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 124.442122] Modules linked in:
[ 124.442378] CPU: 1 PID: 3804 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220914 #1
[ 124.442918] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 124.443666] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 124.444040] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 124.445255] RSP: 0018:ffff888015e0fc48 EFLAGS: 00010006
[ 124.445782] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 124.446505] RDX: ffff88803a403580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 124.447222] RBP: ffff888020478000 R08: 0000000000000005 R09: 0000000000000001
[ 124.447941] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88803e204c00
[ 124.448658] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 124.449372] FS: 00007fdd32fe5700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 124.450105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.450562] CR2: 00007f370439c368 CR3: 000000003e220000 CR4: 0000000000350ee0
[ 124.451100] Call Trace:
[ 124.451307]
[ 124.451493]  ctx_sched_out+0x8f1/0xc10
[ 124.451800]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 124.452204]  ? lock_is_held_type+0xd7/0x130
[ 124.452543]  ? __perf_cgroup_move+0x160/0x160
[ 124.452905]  ? set_next_entity+0x304/0x550
[ 124.453238]  ? update_curr+0x267/0x740
[ 124.453556]  ? lock_is_held_type+0xd7/0x130
[ 124.453899]  __schedule+0xedd/0x2470
[ 124.454163]  ? io_schedule_timeout+0x150/0x150
[ 124.454499]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 124.454963]  schedule+0xda/0x1b0
[ 124.455307]  exit_to_user_mode_prepare+0x114/0x1a0
[ 124.455818]  syscall_exit_to_user_mode+0x19/0x40
[ 124.456312]  do_syscall_64+0x48/0x90
[ 124.456693]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.457223] RIP: 0033:0x7fdd35a6fb19
[ 124.457599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 124.459433] RSP: 002b:00007fdd32fe5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.460192] RAX: 0000000000000001 RBX: 00007fdd35b82f68 RCX: 00007fdd35a6fb19
[ 124.460900] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdd35b82f6c
[ 124.461607] RBP: 00007fdd35b82f60 R08: 000000000000000e R09: 0000000000000000
[ 124.462329] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fdd35b82f6c
[ 124.462823] R13: 00007fff2706cdcf R14: 00007fdd32fe5300 R15: 0000000000022000
[ 124.463320]
[ 124.463486] irq event stamp: 5712
[ 124.463721]
hardirqs last enabled at (5711): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 124.464347] hardirqs last disabled at (5712): [] __schedule+0x1225/0x2470
[ 124.464911] softirqs last enabled at (5088): [] __irq_exit_rcu+0x11b/0x180
[ 124.465505] softirqs last disabled at (5083): [] __irq_exit_rcu+0x11b/0x180
[ 124.466091] ---[ end trace 0000000000000000 ]---
[ 124.827925] hrtimer: interrupt took 18134 ns
11:40:00 executing program 7:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
pread64(r0, 0x0, 0x0, 0x0)
11:40:01 executing program 7:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
pread64(r0, 0x0, 0x0, 0x0)
11:40:01 executing program 7:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
pread64(r0, 0x0, 0x0, 0x0)
11:40:01 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1)
chdir(&(0x7f0000000140)='./file0\x00')
openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="8751252b39c0f0a3727a0077010000000000000010000000", @ANYRES32=r2, @ANYBLOB='Y0\x00``\x00'/18])
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x8, 0x0, 0x8000000)
ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r5, r1, 0x0, 0xfffffdef)
11:40:01 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1)
chdir(&(0x7f0000000140)='./file0\x00')
openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="8751252b39c0f0a3727a0077010000000000000010000000", @ANYRES32=r2, @ANYBLOB='Y0\x00``\x00'/18])
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x8, 0x0, 0x8000000)
ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r5, r1, 0x0, 0xfffffdef)
[ 125.438802] loop7: detected capacity change from 0 to 40
[ 125.439074] loop1: detected capacity change from 0 to 40
[ 125.635032] syz-executor.1: attempt to access beyond end of device
[ 125.635032] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 125.636774] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:40:01 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1)
chdir(&(0x7f0000000140)='./file0\x00')
openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="8751252b39c0f0a3727a0077010000000000000010000000", @ANYRES32=r2, @ANYBLOB='Y0\x00``\x00'/18])
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x8, 0x0, 0x8000000)
ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r5, r1, 0x0, 0xfffffdef)
[ 125.821046] loop1: detected capacity change from 0 to 40
11:40:02 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r0,
&(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x66}, [], {0x14}}, 0x28}}, 0x0)
11:40:02 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x66}, [], {0x14}}, 0x28}}, 0x0)
[ 131.568984] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 131.568983] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 131.570641] Bluetooth: hci2: Opcode 0x c03 failed: -110
VM DIAGNOSIS: 11:40:00 Registers: