Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:3003' (ECDSA) to the list of known hosts. 2023/02/13 11:08:44 fuzzer started 2023/02/13 11:08:44 dialing manager at localhost:39143 syzkaller login: [ 45.786315] cgroup: Unknown subsys name 'net' [ 45.872086] cgroup: Unknown subsys name 'rlimit' 2023/02/13 11:09:00 syscalls: 2217 2023/02/13 11:09:00 code coverage: enabled 2023/02/13 11:09:00 comparison tracing: enabled 2023/02/13 11:09:00 extra coverage: enabled 2023/02/13 11:09:00 setuid sandbox: enabled 2023/02/13 11:09:00 namespace sandbox: enabled 2023/02/13 11:09:00 Android sandbox: enabled 2023/02/13 11:09:00 fault injection: enabled 2023/02/13 11:09:00 leak checking: enabled 2023/02/13 11:09:00 net packet injection: enabled 2023/02/13 11:09:00 net device setup: enabled 2023/02/13 11:09:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/13 11:09:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/13 11:09:00 USB emulation: enabled 2023/02/13 11:09:00 hci packet injection: enabled 2023/02/13 11:09:00 wifi device emulation: enabled 2023/02/13 11:09:00 802.15.4 emulation: enabled 2023/02/13 11:09:00 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/13 11:09:00 fetching corpus: 38, signal 20065/23708 (executing program) 2023/02/13 11:09:00 fetching corpus: 77, signal 27808/33034 (executing program) 2023/02/13 11:09:00 fetching corpus: 122, signal 41415/47825 (executing program) 2023/02/13 11:09:00 fetching corpus: 172, signal 50710/58306 (executing program) 2023/02/13 11:09:01 fetching corpus: 222, signal 58142/66835 (executing program) 2023/02/13 11:09:01 fetching corpus: 270, signal 66108/75742 (executing program) 2023/02/13 11:09:01 fetching corpus: 320, signal 71270/81917 (executing program) 2023/02/13 11:09:01 fetching corpus: 369, signal 75522/87138 (executing program) 2023/02/13 11:09:01 fetching corpus: 418, signal 79056/91665 (executing program) 2023/02/13 11:09:01 fetching 
corpus: 468, signal 85151/98356 (executing program) 2023/02/13 11:09:01 fetching corpus: 517, signal 89277/103188 (executing program) 2023/02/13 11:09:01 fetching corpus: 567, signal 92773/107397 (executing program) 2023/02/13 11:09:01 fetching corpus: 617, signal 96641/111888 (executing program) 2023/02/13 11:09:02 fetching corpus: 667, signal 99048/115079 (executing program) 2023/02/13 11:09:02 fetching corpus: 716, signal 101781/118432 (executing program) 2023/02/13 11:09:02 fetching corpus: 766, signal 104108/121427 (executing program) 2023/02/13 11:09:02 fetching corpus: 816, signal 107572/125360 (executing program) 2023/02/13 11:09:02 fetching corpus: 866, signal 110037/128358 (executing program) 2023/02/13 11:09:02 fetching corpus: 916, signal 112254/131142 (executing program) 2023/02/13 11:09:02 fetching corpus: 966, signal 115745/134826 (executing program) 2023/02/13 11:09:02 fetching corpus: 1016, signal 118193/137668 (executing program) 2023/02/13 11:09:03 fetching corpus: 1066, signal 123577/142733 (executing program) 2023/02/13 11:09:03 fetching corpus: 1116, signal 125704/145182 (executing program) 2023/02/13 11:09:03 fetching corpus: 1166, signal 127833/147576 (executing program) 2023/02/13 11:09:03 fetching corpus: 1216, signal 129886/149909 (executing program) 2023/02/13 11:09:03 fetching corpus: 1266, signal 131690/152049 (executing program) 2023/02/13 11:09:03 fetching corpus: 1316, signal 133432/154120 (executing program) 2023/02/13 11:09:03 fetching corpus: 1366, signal 134981/156086 (executing program) 2023/02/13 11:09:03 fetching corpus: 1416, signal 136428/157840 (executing program) 2023/02/13 11:09:04 fetching corpus: 1466, signal 138820/160246 (executing program) 2023/02/13 11:09:04 fetching corpus: 1516, signal 140373/162042 (executing program) 2023/02/13 11:09:04 fetching corpus: 1566, signal 142325/164053 (executing program) 2023/02/13 11:09:04 fetching corpus: 1616, signal 143731/165655 (executing program) 2023/02/13 11:09:04 fetching 
corpus: 1666, signal 145095/167208 (executing program) 2023/02/13 11:09:04 fetching corpus: 1716, signal 147051/169168 (executing program) 2023/02/13 11:09:04 fetching corpus: 1766, signal 148317/170614 (executing program) 2023/02/13 11:09:05 fetching corpus: 1815, signal 149127/171683 (executing program) 2023/02/13 11:09:05 fetching corpus: 1865, signal 151128/173547 (executing program) 2023/02/13 11:09:05 fetching corpus: 1915, signal 151923/174580 (executing program) 2023/02/13 11:09:05 fetching corpus: 1965, signal 153155/175919 (executing program) 2023/02/13 11:09:05 fetching corpus: 2015, signal 154706/177413 (executing program) 2023/02/13 11:09:05 fetching corpus: 2065, signal 155929/178676 (executing program) 2023/02/13 11:09:05 fetching corpus: 2113, signal 157209/179946 (executing program) 2023/02/13 11:09:05 fetching corpus: 2163, signal 158379/181159 (executing program) 2023/02/13 11:09:06 fetching corpus: 2213, signal 160062/182627 (executing program) 2023/02/13 11:09:06 fetching corpus: 2263, signal 160970/183636 (executing program) 2023/02/13 11:09:06 fetching corpus: 2313, signal 162269/184828 (executing program) 2023/02/13 11:09:06 fetching corpus: 2363, signal 163309/185875 (executing program) 2023/02/13 11:09:06 fetching corpus: 2412, signal 164546/186988 (executing program) 2023/02/13 11:09:06 fetching corpus: 2462, signal 166060/188207 (executing program) 2023/02/13 11:09:06 fetching corpus: 2512, signal 167335/189292 (executing program) 2023/02/13 11:09:06 fetching corpus: 2560, signal 168740/190439 (executing program) 2023/02/13 11:09:07 fetching corpus: 2610, signal 169866/191448 (executing program) 2023/02/13 11:09:07 fetching corpus: 2660, signal 170921/192409 (executing program) 2023/02/13 11:09:07 fetching corpus: 2710, signal 171812/193195 (executing program) 2023/02/13 11:09:07 fetching corpus: 2760, signal 173288/194268 (executing program) 2023/02/13 11:09:07 fetching corpus: 2810, signal 174008/194967 (executing program) 2023/02/13 
11:09:07 fetching corpus: 2860, signal 174976/195780 (executing program) 2023/02/13 11:09:07 fetching corpus: 2910, signal 176293/196709 (executing program) 2023/02/13 11:09:08 fetching corpus: 2960, signal 177241/197411 (executing program) 2023/02/13 11:09:08 fetching corpus: 3010, signal 178682/198385 (executing program) 2023/02/13 11:09:08 fetching corpus: 3060, signal 179753/199149 (executing program) 2023/02/13 11:09:08 fetching corpus: 3110, signal 180743/199884 (executing program) 2023/02/13 11:09:08 fetching corpus: 3160, signal 181873/200605 (executing program) 2023/02/13 11:09:08 fetching corpus: 3210, signal 183038/201390 (executing program) 2023/02/13 11:09:08 fetching corpus: 3260, signal 183716/201933 (executing program) 2023/02/13 11:09:08 fetching corpus: 3309, signal 184547/202523 (executing program) 2023/02/13 11:09:09 fetching corpus: 3359, signal 185520/203152 (executing program) 2023/02/13 11:09:09 fetching corpus: 3409, signal 186469/203740 (executing program) 2023/02/13 11:09:09 fetching corpus: 3459, signal 186880/204102 (executing program) 2023/02/13 11:09:09 fetching corpus: 3509, signal 187660/204600 (executing program) 2023/02/13 11:09:09 fetching corpus: 3559, signal 188578/205117 (executing program) 2023/02/13 11:09:09 fetching corpus: 3609, signal 189613/205683 (executing program) 2023/02/13 11:09:09 fetching corpus: 3658, signal 190475/206181 (executing program) 2023/02/13 11:09:09 fetching corpus: 3708, signal 191217/206615 (executing program) 2023/02/13 11:09:10 fetching corpus: 3758, signal 191842/206984 (executing program) 2023/02/13 11:09:10 fetching corpus: 3808, signal 192503/207374 (executing program) 2023/02/13 11:09:10 fetching corpus: 3858, signal 193772/207880 (executing program) 2023/02/13 11:09:10 fetching corpus: 3908, signal 194941/208335 (executing program) 2023/02/13 11:09:10 fetching corpus: 3957, signal 195493/208649 (executing program) 2023/02/13 11:09:10 fetching corpus: 4007, signal 196121/208979 (executing 
program) 2023/02/13 11:09:10 fetching corpus: 4057, signal 196785/209261 (executing program) 2023/02/13 11:09:11 fetching corpus: 4105, signal 197488/209608 (executing program) 2023/02/13 11:09:11 fetching corpus: 4154, signal 198129/209901 (executing program) 2023/02/13 11:09:11 fetching corpus: 4203, signal 198773/210178 (executing program) 2023/02/13 11:09:11 fetching corpus: 4253, signal 199339/210404 (executing program) 2023/02/13 11:09:11 fetching corpus: 4303, signal 199965/210646 (executing program) 2023/02/13 11:09:11 fetching corpus: 4353, signal 200633/210854 (executing program) 2023/02/13 11:09:11 fetching corpus: 4403, signal 201115/211060 (executing program) 2023/02/13 11:09:12 fetching corpus: 4453, signal 201793/211253 (executing program) 2023/02/13 11:09:12 fetching corpus: 4502, signal 202421/211434 (executing program) 2023/02/13 11:09:12 fetching corpus: 4552, signal 202942/211611 (executing program) 2023/02/13 11:09:12 fetching corpus: 4601, signal 203277/211801 (executing program) 2023/02/13 11:09:12 fetching corpus: 4651, signal 203834/211966 (executing program) 2023/02/13 11:09:12 fetching corpus: 4700, signal 204512/212185 (executing program) 2023/02/13 11:09:12 fetching corpus: 4749, signal 205367/212367 (executing program) 2023/02/13 11:09:12 fetching corpus: 4797, signal 206090/212507 (executing program) 2023/02/13 11:09:12 fetching corpus: 4846, signal 206555/212633 (executing program) 2023/02/13 11:09:13 fetching corpus: 4896, signal 207076/212729 (executing program) 2023/02/13 11:09:13 fetching corpus: 4944, signal 207475/212806 (executing program) 2023/02/13 11:09:13 fetching corpus: 4993, signal 208194/212891 (executing program) 2023/02/13 11:09:13 fetching corpus: 5042, signal 208696/212979 (executing program) 2023/02/13 11:09:13 fetching corpus: 5092, signal 209228/213028 (executing program) 2023/02/13 11:09:13 fetching corpus: 5142, signal 209864/213074 (executing program) 2023/02/13 11:09:13 fetching corpus: 5187, signal 
210320/213131 (executing program) 2023/02/13 11:09:13 fetching corpus: 5187, signal 210320/213202 (executing program) 2023/02/13 11:09:13 fetching corpus: 5187, signal 210320/213202 (executing program) 2023/02/13 11:09:16 starting 8 fuzzer processes 11:09:16 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:09:16 executing program 1: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 11:09:16 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) writev(r0, 
&(0x7f0000001140)=[{&(0x7f0000000140)="096a23776f7c64671acfe2dd8f177ab527d6f44d2620f41efdadfb1b44", 0x1d}], 0x1) [ 75.313128] audit: type=1400 audit(1676286556.164:6): avc: denied { execmem } for pid=261 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:09:16 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 
0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:09:16 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000300)=ANY=[@ANYBLOB="5398acdc7185bbbbbbbbbbbb86dd602ddc2000302c00fe880000000000000000000000000001fe800000000092"], 0x0) 11:09:16 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) 11:09:16 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[]) r0 = syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[]) r1 = dup2(r0, 0xffffffffffffffff) chdir(&(0x7f0000000140)='./file0\x00') r2 = 
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x8010, r1, 0x0) syz_io_uring_setup(0x438a, &(0x7f0000000440)={0x0, 0xd23, 0x8, 0x1, 0xbe, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000004c0), &(0x7f0000000500)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000005c0)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x6, &(0x7f0000000580), 0x1, 0x0, 0x1}, 0x41) sendfile(r3, r2, 0x0, 0xfffffdef) 11:09:16 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) [ 76.510936] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.512887] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.514925] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.524444] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.525936] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.527125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.591619] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.593427] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.594684] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.597780] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.599540] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 76.600728] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.634584] Bluetooth: hci3: unexpected cc 
0x0c03 length: 249 > 1 [ 76.636116] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.637599] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.640078] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.641270] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.642210] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.643247] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.643720] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.645328] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.646274] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.648681] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.651618] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.652677] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.654582] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.655934] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.656926] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.658152] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.659585] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.666009] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.676321] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.682618] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.684756] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.689830] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.691362] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.694028] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.695719] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 76.696983] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.740057] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.746058] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 76.749302] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 78.599314] Bluetooth: hci0: 
command 0x0409 tx timeout [ 78.661910] Bluetooth: hci4: command 0x0409 tx timeout [ 78.662003] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 78.726229] Bluetooth: hci7: command 0x0409 tx timeout [ 78.726263] Bluetooth: hci2: command 0x0409 tx timeout [ 78.727264] Bluetooth: hci1: command 0x0409 tx timeout [ 78.727999] Bluetooth: hci3: command 0x0409 tx timeout [ 78.790959] Bluetooth: hci5: command 0x0409 tx timeout [ 80.645992] Bluetooth: hci0: command 0x041b tx timeout [ 80.709901] Bluetooth: hci4: command 0x041b tx timeout [ 80.774052] Bluetooth: hci1: command 0x041b tx timeout [ 80.774875] Bluetooth: hci2: command 0x041b tx timeout [ 80.775581] Bluetooth: hci3: command 0x041b tx timeout [ 80.776316] Bluetooth: hci7: command 0x041b tx timeout [ 80.837971] Bluetooth: hci5: command 0x041b tx timeout [ 82.096043] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 82.099175] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 82.106217] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 82.118308] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 82.124086] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 82.141512] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.693995] Bluetooth: hci0: command 0x040f tx timeout [ 82.757898] Bluetooth: hci4: command 0x040f tx timeout [ 82.821898] Bluetooth: hci7: command 0x040f tx timeout [ 82.822599] Bluetooth: hci3: command 0x040f tx timeout [ 82.823304] Bluetooth: hci2: command 0x040f tx timeout [ 82.824017] Bluetooth: hci1: command 0x040f tx timeout [ 82.885866] Bluetooth: hci5: command 0x040f tx timeout [ 84.230921] Bluetooth: hci6: command 0x0409 tx timeout [ 84.742859] Bluetooth: hci0: command 0x0419 tx timeout [ 84.806907] Bluetooth: hci4: command 0x0419 tx timeout [ 84.870931] Bluetooth: hci1: command 0x0419 tx timeout [ 84.871349] Bluetooth: hci2: command 0x0419 tx timeout [ 84.871729] Bluetooth: hci3: command 0x0419 tx timeout [ 84.872153] Bluetooth: hci7: command 0x0419 tx timeout [ 
84.934843] Bluetooth: hci5: command 0x0419 tx timeout [ 86.278945] Bluetooth: hci6: command 0x041b tx timeout [ 88.325841] Bluetooth: hci6: command 0x040f tx timeout [ 90.374965] Bluetooth: hci6: command 0x0419 tx timeout [ 120.281760] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.282431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.284467] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.500709] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.501364] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.502969] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 121.329469] audit: type=1400 audit(1676286602.181:7): avc: denied { open } for pid=3619 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.332288] audit: type=1400 audit(1676286602.181:8): avc: denied { kernel } for pid=3619 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.348774] device lo entered promiscuous mode [ 122.608807] WARNING: stack going in the wrong direction? 
at do_syscall_64+0x3f/0x90 [ 123.086677] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.087417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.088871] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.151088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.151643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.153100] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 123.408405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.409298] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.410737] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.540416] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.541117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.543460] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 123.619151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.619728] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.621152] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.769820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.770409] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.771915] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 123.848947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.849508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.850604] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.996031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.996640] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.998226] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 124.048889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.050155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.059297] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: 
link becomes ready [ 124.138056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.138707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.140379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 124.203123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.203743] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.205336] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 124.307831] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.308437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.309886] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 124.369239] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3869 'syz-executor.3' [ 124.382614] loop3: detected capacity change from 0 to 40 [ 124.451802] hrtimer: interrupt took 19076 ns [ 124.463310] syz-executor.3: attempt to access beyond end of device [ 124.463310] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 [ 124.500407] syz-executor.3: attempt to access beyond end of device [ 124.500407] loop3: rw=2049, sector=60, nr_sectors = 12 limit=40 [ 125.545749] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.546497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.548364] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 125.580875] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.581502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.583214] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:10:06 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:10:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, 
@ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:06 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) 11:10:06 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) 11:10:06 executing program 1: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 
0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 11:10:06 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) writev(r0, &(0x7f0000001140)=[{&(0x7f0000000140)="096a23776f7c64671acfe2dd8f177ab527d6f44d2620f41efdadfb1b44", 0x1d}], 0x1) [ 125.976534] loop3: detected capacity change from 0 to 40 11:10:06 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000300)=ANY=[@ANYBLOB="5398acdc7185bbbbbbbbbbbb86dd602ddc2000302c00fe880000000000000000000000000001fe800000000092"], 0x0) 11:10:06 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[]) r0 = syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[]) r1 = dup2(r0, 0xffffffffffffffff) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x8010, r1, 0x0) syz_io_uring_setup(0x438a, &(0x7f0000000440)={0x0, 
0xd23, 0x8, 0x1, 0xbe, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000004c0), &(0x7f0000000500)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000005c0)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x6, &(0x7f0000000580), 0x1, 0x0, 0x1}, 0x41) sendfile(r3, r2, 0x0, 0xfffffdef) [ 125.984973] device lo left promiscuous mode 11:10:06 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) [ 126.007461] device lo entered promiscuous mode 11:10:06 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) writev(r0, &(0x7f0000001140)=[{&(0x7f0000000140)="096a23776f7c64671acfe2dd8f177ab527d6f44d2620f41efdadfb1b44", 0x1d}], 0x1) 11:10:06 executing program 1: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 11:10:06 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) [ 126.116923] syz-executor.3: attempt to access beyond end of device [ 
126.116923] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:07 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) 11:10:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000300)=ANY=[@ANYBLOB="5398acdc7185bbbbbbbbbbbb86dd602ddc2000302c00fe880000000000000000000000000001fe800000000092"], 0x0) 11:10:07 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) writev(r0, &(0x7f0000001140)=[{&(0x7f0000000140)="096a23776f7c64671acfe2dd8f177ab527d6f44d2620f41efdadfb1b44", 0x1d}], 0x1) 11:10:07 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) 
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:10:07 executing program 1: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 11:10:07 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) 11:10:07 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[]) r0 = syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[]) r1 = dup2(r0, 0xffffffffffffffff) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x8010, r1, 0x0) syz_io_uring_setup(0x438a, &(0x7f0000000440)={0x0, 0xd23, 0x8, 0x1, 0xbe, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000004c0), &(0x7f0000000500)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000005c0)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x6, &(0x7f0000000580), 0x1, 0x0, 0x1}, 0x41) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 126.880157] loop3: detected capacity change from 0 to 40 [ 126.882873] device lo left promiscuous mode [ 126.897663] device lo entered promiscuous mode 11:10:07 executing program 7: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 11:10:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000300)=ANY=[@ANYBLOB="5398acdc7185bbbbbbbbbbbb86dd602ddc2000302c00fe880000000000000000000000000001fe800000000092"], 0x0) [ 126.983982] loop5: detected capacity change from 0 to 40 [ 126.988098] syz-executor.3: attempt to access beyond end of device 
[ 126.988098] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 126.996392] loop2: detected capacity change from 0 to 40 11:10:07 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:10:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 
0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 127.041760] loop1: detected capacity change from 0 to 40 11:10:07 executing program 7: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) [ 127.071162] device lo left 
promiscuous mode 11:10:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 127.079817] device lo entered promiscuous mode 11:10:07 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 127.108660] loop4: detected capacity change from 0 to 40 [ 127.138177] loop3: detected capacity change from 0 to 40 11:10:07 executing program 7: r0 = syz_io_uring_setup(0x6e8a, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000014c0)=0x0, &(0x7f0000001480)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000280), &(0x7f0000000240)='./file1\x00', 0x18}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) [ 127.153423] syz-executor.2: attempt to access beyond end of device [ 127.153423] loop2: rw=2049, sector=44, nr_sectors = 12 limit=40 [ 127.158310] syz-executor.5: attempt to access beyond end of device [ 127.158310] loop5: rw=2049, sector=44, nr_sectors = 12 limit=40 [ 127.171665] syz-executor.1: attempt to access beyond end of device [ 127.171665] loop1: rw=2049, sector=44, nr_sectors = 12 limit=40 [ 127.254691] syz-executor.4: attempt to access beyond end of device [ 127.254691] loop4: rw=2049, sector=44, nr_sectors = 12 limit=40 [ 127.259195] syz-executor.3: attempt to access beyond end of device [ 127.259195] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) 
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 127.837476] loop5: detected capacity change from 0 to 40 11:10:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 
0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) [ 127.870756] loop1: detected capacity change from 0 to 40 [ 127.882855] loop2: detected capacity change from 0 to 40 11:10:08 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 
0xffffffffffffffff, 0x4) 11:10:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 
0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:08 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) 11:10:08 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[]) r0 = syz_mount_image$tmpfs(&(0x7f0000000200), &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[]) r1 = dup2(r0, 0xffffffffffffffff) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x8010, r1, 0x0) syz_io_uring_setup(0x438a, &(0x7f0000000440)={0x0, 0xd23, 0x8, 0x1, 0xbe, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000004c0), &(0x7f0000000500)=0x0) syz_io_uring_submit(r4, 
r5, &(0x7f00000005c0)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x6, &(0x7f0000000580), 0x1, 0x0, 0x1}, 0x41) sendfile(r3, r2, 0x0, 0xfffffdef) [ 127.912305] loop4: detected capacity change from 0 to 40 11:10:08 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) 11:10:08 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) [ 128.017473] syz-executor.1: attempt to access beyond end of device [ 128.017473] loop1: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:08 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='J', 0x1, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000001300)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r0, 0x0) 11:10:08 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 11:10:08 executing program 7: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) [ 128.197388] loop1: detected capacity change from 0 to 40 11:10:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 
fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:09 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup(r0) getsockname$inet6(r1, 0x0, &(0x7f0000000040)=0xfffffffffffffe11) 11:10:09 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) rmdir(&(0x7f0000000100)='./file0\x00') [ 128.288957] loop2: detected capacity change from 0 to 40 11:10:09 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 11:10:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) 
socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, 
&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:09 executing program 1: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x41) close(r0) 11:10:09 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000380)={'sit0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) 11:10:09 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f00000001c0)=@ng={0x4, 0x12}, 0x2, 0x1) 
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', 0x0}) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) r4 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000000000002e99a02f66696c65302f66696c65"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:10:09 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup(r0) getsockname$inet6(r1, 0x0, &(0x7f0000000040)=0xfffffffffffffe11) [ 128.937027] loop5: detected capacity change from 0 to 40 11:10:09 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup(r0) getsockname$inet6(r1, 0x0, &(0x7f0000000040)=0xfffffffffffffe11) [ 129.011652] loop2: detected capacity change from 0 to 40 [ 129.012715] loop4: detected capacity change from 0 to 40 11:10:09 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 11:10:09 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000380)={'sit0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) 11:10:09 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup(r0) getsockname$inet6(r1, 0x0, &(0x7f0000000040)=0xfffffffffffffe11) [ 129.660051] bio_check_eod: 7 callbacks suppressed [ 129.660086] syz-executor.4: attempt to access beyond end of device [ 129.660086] loop4: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:10 executing program 5: clock_adjtime(0x0, &(0x7f0000000100)={0x3ff, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf423f}) [ 129.714953] loop3: detected capacity change from 0 to 40 [ 129.719527] loop2: detected capacity change from 0 to 40 11:10:10 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000380)={'sit0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) 11:10:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, 
@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = 
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 
0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:12 executing program 1: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x41) close(r0) 11:10:12 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 
0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 11:10:12 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 11:10:12 executing program 5: clock_adjtime(0x0, &(0x7f0000000100)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf423f}) 11:10:12 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000380)={'sit0\x00', 
&(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) [ 129.828085] syz-executor.2: attempt to access beyond end of device [ 129.828085] loop2: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:13 executing program 1: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x41) close(r0) [ 129.851173] syz-executor.3: attempt to access beyond end of device [ 129.851173] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:13 executing program 5: clock_adjtime(0x0, &(0x7f0000000100)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf423f}) 11:10:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 
0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 
0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', 
&(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:14 executing program 5: clock_adjtime(0x0, &(0x7f0000000100)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf423f}) [ 129.955837] loop3: detected capacity change from 0 to 40 [ 130.018552] syz-executor.3: attempt to access beyond end of device [ 130.018552] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:15 executing program 1: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x41) close(r0) 11:10:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, 
&(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:15 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 
0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) [ 130.098143] loop3: detected capacity change from 0 to 40 [ 130.142375] syz-executor.3: attempt to access beyond end of device [ 130.142375] loop3: rw=2049, sector=44, nr_sectors = 12 limit=40 [ 130.839668] syz-executor.2 (4090) used greatest stack depth: 23848 bytes left [ 132.251246] loop2: detected capacity change from 0 to 40 11:10:18 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) sendmmsg$inet(r0, &(0x7f00000025c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 11:10:18 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 
0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:18 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000002240)=""/4109, 0x100d}], 0x1, 0x0, 0x0) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {0xfffffffa}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff2f, {r0}}, 0x58) 11:10:18 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x5}, 0x6) 11:10:18 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') pread64(r0, &(0x7f00000000c0)=""/94, 0x5e, 0x0) 11:10:18 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff}, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fork() perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x6, 0x8, 0x81, 0x0, 0x7fffffff, 0x11337, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xc1, 0x2, @perf_config_ext={0x7fffffff, 0x1}, 0x20, 0x7fffffff, 0x0, 0x7, 0x2, 0xffffffff, 0x4, 0x0, 0x80000001, 0x0, 0x1000}, r1, 0xb, 0xffffffffffffffff, 0x2) ptrace$setopts(0x4206, r1, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 11:10:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, 
@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 132.267004] loop7: detected capacity change from 0 to 40 11:10:18 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') 
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200081}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) renameat(r0, &(0x7f0000000000)='./file1\x00', r0, &(0x7f0000000040)='./file0\x00') dup(0xffffffffffffffff) [ 132.298292] loop3: detected capacity change from 0 to 40 11:10:18 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x5}, 0x6) 11:10:18 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) sendmmsg$inet(r0, &(0x7f00000025c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 11:10:18 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') pread64(r0, &(0x7f00000000c0)=""/94, 0x5e, 0x0) [ 132.381767] syz-executor.2: attempt to access beyond end of device [ 132.381767] loop2: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:18 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x5}, 0x6) [ 132.430483] syz-executor.7: attempt to access beyond end of device [ 132.430483] loop7: rw=2049, sector=44, nr_sectors = 12 limit=40 11:10:18 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) 
sendmmsg$inet(r0, &(0x7f00000025c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 11:10:18 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') pread64(r0, &(0x7f00000000c0)=""/94, 0x5e, 0x0) 11:10:18 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000002240)=""/4109, 0x100d}], 0x1, 0x0, 0x0) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {0xfffffffa}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff2f, {r0}}, 0x58) 11:10:18 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200081}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) renameat(r0, &(0x7f0000000000)='./file1\x00', r0, &(0x7f0000000040)='./file0\x00') dup(0xffffffffffffffff) 11:10:18 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1/file0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x2000, 0x102}, 0x18) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x401, 0x34, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x7, 0xffff, 0x1f}}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, 
@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) execveat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', &(0x7f0000000640)=[&(0x7f0000000380)='vfat\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000440)='/proc/sysvipc/shm\x00', &(0x7f0000000480)='/proc/sysvipc/shm\x00', &(0x7f00000004c0)='))\\\x00', &(0x7f0000000500)='(\x00', &(0x7f0000000540)='/dev/nvram\x00', &(0x7f0000000580)='vfat\x00'], &(0x7f00000007c0)=[&(0x7f0000000680)='/dev/nvram\x00', &(0x7f00000006c0)='%\'\x00', &(0x7f0000000700)='},[)/\xf5\x00', &(0x7f0000000740)='/dev/nvram\x00', &(0x7f0000000780)='vfat\x00'], 0x800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:10:18 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) sendmmsg$inet(r0, &(0x7f00000025c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 11:10:18 executing program 0: r0 = 
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x5}, 0x6) [ 132.543345] loop7: detected capacity change from 0 to 40 [ 132.543530] loop3: detected capacity change from 0 to 40 11:10:18 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') pread64(r0, &(0x7f00000000c0)=""/94, 0x5e, 0x0) VM DIAGNOSIS: 11:10:03 Registers: