loop5: detected capacity change from 0 to 131072
------------[ cut here ]------------
I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
percpu ref (io_ring_ctx_ref_free) <= 0 (0) after switching to atomic
WARNING: lib/percpu-refcount.c:197 at percpu_ref_switch_to_atomic_rcu+0x3cc/0x480, CPU#0: syz-executor.5/18028
FAT-fs (loop2): unable to read boot sector
Modules linked in:
CPU: 0 UID: 0 PID: 18028 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x3cc/0x480
Code: 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 9e 00 00 00 49 8b 75 e8 48 c7 c7 c0 99 e2 84 e8 25 ac e9 fe 90 <0f> 0b 90 90 e9 2b ff ff ff e8 56 de 5f ff e9 9e fe ff ff e8 dc de
RSP: 0018:ffff88806ce08e20 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8139de70
loop4: detected capacity change from 0 to 131072
RDX: ffff888015755280 RSI: ffffffff8139de7e RDI: 0000000000000001
RBP: 7fffffffffffffff R08: 0000000000000001 R09: ffffed100d9c117f
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800db60980
R13: ffff88800db609a0 R14: 0000000000000002 R15: 0000000000000003
FS:  00007f8e5d7e9700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcfbfc9d018 CR3: 000000000f673000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
msdos: Unknown parameter 'audit'
 rcu_core+0x7c8/0x1800
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:vprintk_store+0x17f/0xa20
Code: e8 86 97 1f 00 41 80 fd 03 0f 86 ce 00 00 00 e8 a7 9c 1f 00 48 89 ee 31 ff 45 31 e4 e8 fa 97 1f 00 48 85 ed 0f 85 6e 04 00 00 <e8> 8c 9c 1f 00 48 b8 00 00 00 00 00 fc ff df 48 03 44 24 08 48 c7
RSP: 0018:ffff88803c1774c0 EFLAGS: 00000202
RAX: 00000000000001d3 RBX: ffff88806ce24025 RCX: 0000000000000040
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81545e97
RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8643b457 R11: 0000000000000001 R12: 0000000000000030
R13: ffffffff85bd84e0 R14: 0000000000000000 R15: 0000000000000002
 vprintk_emit+0x143/0x630
 _printk+0xbe/0xf0
 set_capacity_and_notify+0x16a/0x240
 loop_configure+0xcb9/0x1590
 lo_ioctl+0x66d/0x1c70
 blkdev_ioctl+0x27c/0x6c0
 __x64_sys_ioctl+0x18f/0x210
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8e602738d7
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8e5d7e8f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8e602bd970 RCX: 00007f8e602738d7
RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 0000000000000005 R14: 00000000200016b8 R15: 0000000000000005
 </TASK>
irq event stamp: 1410
hardirqs last  enabled at (1420): [<ffffffff81541b18>] __up_console_sem+0x78/0x80
hardirqs last disabled at (1429): [<ffffffff81541afd>] __up_console_sem+0x5d/0x80
softirqs last  enabled at (0): [<ffffffff81395ed8>] copy_process+0x1e58/0x73c0
softirqs last disabled at (469): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
---[ end trace 0000000000000000 ]---
percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff88800db60980 pointer offset 0 size 64
FAT-fs (loop6): unable to read boot sector
msdos: Unknown parameter 'audit'
I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
FAT-fs (loop2): unable to read boot sector
----------------
Code disassembly (best guess):
   0:	e8 86 97 1f 00       	callq  0x1f978b
   5:	41 80 fd 03          	cmp    $0x3,%r13b
   9:	0f 86 ce 00 00 00    	jbe    0xdd
   f:	e8 a7 9c 1f 00       	callq  0x1f9cbb
  14:	48 89 ee             	mov    %rbp,%rsi
  17:	31 ff                	xor    %edi,%edi
  19:	45 31 e4             	xor    %r12d,%r12d
  1c:	e8 fa 97 1f 00       	callq  0x1f981b
  21:	48 85 ed             	test   %rbp,%rbp
  24:	0f 85 6e 04 00 00    	jne    0x498
* 2a:	e8 8c 9c 1f 00       	callq  0x1f9cbb <-- trapping instruction
  2f:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  36:	fc ff df
  39:	48 03 44 24 08       	add    0x8(%rsp),%rax
  3e:	48                   	rex.W
  3f:	c7                   	.byte 0xc7