x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:24 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x38b5, &(0x7f0000000000)={0x0, 0xd9c4, 0x4, 0x0, 0x16e}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000340))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)="d095b8bbfff4c62b21d1049771994b413fbfe6c6667f19455a19a7a799555d26be85851c404c305cf55eaa5fceaa7f9e0a9ab59828b61aa9ca84da50493bdcee01c03c196937f71c8b84eef8c7abff1d31a53ed748962956bf7fb728efbc671ebdf4be237175732aa8334c42c11fbcab9599ddefa9b04ecdd6932e8f260a596ea5f46cb866325f8e0cea3eeeab8ab5cd28fa6f4bd491e853360934ec98d001cc9867e44ad86332e7d0567c9b273c27dd19e3d4d9c8c16e30e41013ab", 0xbc, 0x12002, 0x1}, 0x7fff)
r2 = dup3(r0, r0, 0x0)
io_uring_enter(r2, 0xdb3, 0xc6ae, 0x1, &(0x7f0000000180), 0x8)
r3 = gettid()
r4 = getpgid(r3)
pidfd_open(r4, 0x0)
r5 = syz_open_procfs(r4, &(0x7f0000000380)='net/ipv6_route\x00')
r6 = fork()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
waitid(0x1, r6, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
recvmmsg$unix(r5, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f00000004c0)=""/213, 0xd5}, {&(0x7f00000005c0)=""/6, 0x6}, {&(0x7f0000000600)=""/20, 0x14}, {&(0x7f0000000640)=""/171, 0xab}, {&(0x7f0000000700)=""/7, 0x7}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/183, 0xb7}, {&(0x7f0000001800)=""/200, 0xc8}], 0x8, &(0x7f0000001980)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f0000001a40), 0x6e, &(0x7f0000001b00)=[{&(0x7f0000001ac0)=""/3, 0x3}], 0x1, &(0x7f0000001b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r7=>0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}, {{&(0x7f0000001c40)=@abs, 0x6e, &(0x7f0000001f80)=[{&(0x7f0000001cc0)=""/155, 0x9b}, {&(0x7f0000001d80)=""/215, 0xd7}, {&(0x7f0000001e80)=""/58, 0x3a}, {&(0x7f0000001ec0)}, {&(0x7f0000001f00)=""/89, 0x59}], 0x5}}], 0x3, 0x10000, &(0x7f00000020c0)={0x0, 0x989680})
tgkill(r6, r7, 0x21)
r8 = socket$unix(0x1, 0x2, 0x0)
pread64(r8, &(0x7f00000003c0)=""/249, 0xf9, 0x5b)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 1932.499627] loop7: detected capacity change from 0 to 40
[ 1932.511398] loop1: detected capacity change from 0 to 40
[ 1932.517660] loop6: detected capacity change from 0 to 40
[ 1932.571109] loop2: detected capacity change from 0 to 40
11:40:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1932.649101] syz-executor.1: attempt to access beyond end of device
[ 1932.649101] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1932.650561] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 1932.653339] syz-executor.7: attempt to access beyond end of device
[ 1932.653339] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1932.654699] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1932.772649] syz-executor.2: attempt to access beyond end of device
[ 1932.772649] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1932.774109] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1932.781431] syz-executor.6: attempt to access beyond end of device
[ 1932.781431] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1932.783037] Buffer I/O error on dev loop6, logical block 10, lost async page write
11:40:24 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1932.803553] random: crng reseeded on system resumption
[ 1932.829382] loop1: detected capacity change from 0 to 40
11:40:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:40:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:24 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 1932.929473] loop7: detected capacity change from 0 to 40
11:40:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1932.943004] loop2: detected capacity change from 0 to 40
[ 1932.977510] syz-executor.1: attempt to access beyond end of device
[ 1932.977510] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1932.979193] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:40:24 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x5, 0x80, 0x6, 0x6, 0x0, 0xffff, 0x100, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3ff, 0x1, @perf_config_ext={0x1, 0x5}, 0x100, 0x6a28, 0x7ad6, 0x9, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xffffffffffff16ab}, r1, 0xc, r0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x80, 0x80, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, @perf_config_ext={0x0, 0x20}, 0x204, 0xea4d, 0x9, 0x9, 0x1, 0x6, 0x4, 0x0, 0x4, 0x0, 0x3}, 0xffffffffffffffff, 0x5, r2, 0x9)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 1933.009901] loop6: detected capacity change from 0 to 40
[ 1933.180187] syz-executor.7: attempt to access beyond end of device
[ 1933.180187] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1933.181905] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1933.241188] syz-executor.2: attempt to access beyond end of device
[ 1933.241188] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1933.242455] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1933.267584] syz-executor.6: attempt to access beyond end of device
[ 1933.267584] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1933.269734] Buffer I/O error on dev loop6, logical block 10, lost async page write
11:40:47 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, 0x0, 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:47 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
process_vm_readv(r1, &(0x7f0000000400)=[{&(0x7f0000000180)=""/20, 0x14}, {&(0x7f0000000300)=""/45, 0x2d}, {&(0x7f0000000340)=""/155, 0x9b}], 0x3, &(0x7f00000005c0)=[{&(0x7f0000000480)=""/89, 0x59}, {&(0x7f0000000500)=""/37, 0x25}, {&(0x7f0000000540)=""/42, 0x2a}, {&(0x7f0000000580)=""/29, 0x1d}], 0x4, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:40:47 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:40:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:47 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:40:47 executing program 5:
perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x10840, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000140)=<r4=>0x0)
perf_event_open(&(0x7f0000000500)={0x5, 0x80, 0x9, 0x7, 0x7f, 0xff, 0x0, 0x7, 0xcc010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9eb8, 0x1, @perf_config_ext={0x200, 0x9}, 0x802, 0x9, 0x0, 0x7, 0xc4, 0x2c4, 0x81, 0x0, 0x1, 0x0, 0x7}, r4, 0x5, 0xffffffffffffffff, 0xa)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendfile(r5, r2, &(0x7f0000000240), 0x1)
perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x8, 0x4, 0x80, 0x80, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x7fff, 0x1}, 0x13453, 0x5, 0x7f, 0x4, 0x1, 0x7, 0x9, 0x0, 0x20, 0x0, 0x6}, r4, 0xffffffffffffffff, r1, 0x1)
r6 = fork()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
waitid(0x1, r6, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x7, 0x80, 0x8, 0x1, 0x0, 0x9, 0x1a04, 0xa, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000380), 0x9}, 0x53dca, 0x1b, 0x3ff, 0x0, 0x9, 0x5, 0x4, 0x0, 0x8, 0x0, 0x1ca}, r0, 0x5, 0xffffffffffffffff, 0x3)
ptrace$setregs(0xf, r6, 0x7, &(0x7f0000000000)="f54b7de393ce8ccb67aaf21ea48e71b8412ed17bf18d85bf40a9f80c4d")

11:40:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 1955.166890] loop1: detected capacity change from 0 to 40
[ 1955.179030] loop6: detected capacity change from 0 to 40
[ 1955.183124] loop7: detected capacity change from 0 to 40
[ 1955.186832] loop2: detected capacity change from 0 to 40
11:40:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, 0x0, 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:47 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r3 = creat(&(0x7f0000000400)='./file0\x00', 0x98)
perf_event_open(&(0x7f0000000480)={0x5, 0x80, 0x2, 0x3, 0x4, 0x5, 0x0, 0x101, 0x10500, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xff, 0x4, @perf_bp={&(0x7f00000003c0)}, 0x1, 0x100000000, 0x3, 0x5, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x40}, r2, 0xe, r3, 0x8)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x10044094)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

[ 1955.334346] syz-executor.7: attempt to access beyond end of device
[ 1955.334346] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.335895] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1955.362719] syz-executor.6: attempt to access beyond end of device
[ 1955.362719] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.364310] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 1955.378006] syz-executor.1: attempt to access beyond end of device
[ 1955.378006] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.379294] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 1955.384059] syz-executor.2: attempt to access beyond end of device
[ 1955.384059] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.385407] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:40:47 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:40:47 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:40:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, 0x0, 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:40:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1955.590366] loop6: detected capacity change from 0 to 40
[ 1955.598623] cgroup: fork rejected by pids controller in /syz3
[ 1955.600643] loop7: detected capacity change from 0 to 40
[ 1955.602277] loop1: detected capacity change from 0 to 40
11:40:47 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000140)={0x0, <r1=>0x0})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002e00)=[{{&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1, &(0x7f0000001300)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/211, 0xd3}, {&(0x7f00000014c0)=""/168, 0xa8}, {&(0x7f0000001580)=""/253, 0xfd}], 0x3, &(0x7f0000001680)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x110}}, {{&(0x7f00000017c0)=@abs, 0x6e, &(0x7f0000002cc0)=[{&(0x7f0000001840)=""/4096, 0x1000}, {&(0x7f0000002840)=""/133, 0x85}, {&(0x7f0000002900)=""/135, 0x87}, {&(0x7f00000029c0)=""/117, 0x75}, {&(0x7f0000002a40)=""/3, 0x3}, {&(0x7f0000002a80)=""/49, 0x31}, {&(0x7f0000002ac0)=""/198, 0xc6}, {&(0x7f0000002bc0)=""/225, 0xe1}], 0x8, &(0x7f0000002d40)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}}], 0x3, 0x20, &(0x7f0000002ec0)={0x77359400})
perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x7f, 0x81, 0x6f, 0x7e, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x2, @perf_config_ext={0xffffffff, 0x1f}, 0x140, 0x7ff, 0x9, 0x3, 0x8, 0xfe, 0x8, 0x0, 0x46e0242d, 0x0, 0x7ff}, r1, 0x5, r2, 0x9)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 1955.623371] loop2: detected capacity change from 0 to 40
[ 1955.751976] syz-executor.6: attempt to access beyond end of device
[ 1955.751976] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.753399] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 1955.775984] syz-executor.7: attempt to access beyond end of device
[ 1955.775984] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.777398] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1955.789012] syz-executor.1: attempt to access beyond end of device
[ 1955.789012] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.790488] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 1955.864953] syz-executor.2: attempt to access beyond end of device
[ 1955.864953] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1955.866198] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:41:03 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:41:03 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:03 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:03 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:41:03 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x6, 0x49, 0x9, 0x7d, 0x0, 0x800, 0x140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x0, @perf_config_ext={0x2, 0x87}, 0x2, 0x0, 0x17f, 0x7, 0x8, 0x4a96, 0xc4, 0x0, 0x7b5, 0x0, 0x2}, 0xffffffffffffffff, 0xf, r0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r1, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
r2 = syz_io_uring_setup(0x336c, &(0x7f0000000000)={0x0, 0x8cdc, 0x8, 0x2, 0x290}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYBLOB="0367696c653000"])

11:41:03 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:41:03 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="98000000bf166235b31c33109117a8175ef118b792432f08e4e340c354a546a0ba114303808ece2f6c8242cccfbf42f970e5d04c7f0e2a0b26c51d608f0229a727624786e9157426f5792925e0d821f56bb9c1f5b2756560b6227bd5c56430eb61d30c44382593079371685ba9289089ae1d52f9cceebe9973be1e14d317afb327a63413999be8c8a1300012670819eb877805d42945cf6d8469af7a1cc4869efb05385958af48190cb779cc4f4f0c20", @ANYRES16, @ANYBLOB="01000300"/18, @ANYRES32, @ANYBLOB="36b50023c9289941291bd72a5af1feff06f1ffff70625cf2ddc0b5a9c23436e199d5711dc026a0d62f6303202b44d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = openat2(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)={0x40a000, 0x40}, 0x18)
timer_create(0x7, &(0x7f0000000540)={0x0, 0xf, 0x4, @thr={&(0x7f0000000340)="77488966bc70b6320bf74ef4c9f5f8e99bc924b4afa05566452cb23d25f8872b9281693714f29d53e99e2ee4406a0d3761779de645f86922e086b9d083d64276fc772c260c9776660fa62c1e443188cad475133f9f221303d341a945aab8d5516cd0cd2e5648ff4bdad6780411f683da91c93188dfc496d85d61d5e553474c2c5da05f00df00a1b577e8886bf6b2b3672ac3fab6ff7269a2408116d2886483c8ea44ad01581c37eae4bd1cc8f84062b63d9a07df31cea23199bdd986f0120e81a246867426695054a561f52cedbda855b59a5354b9ea1fe7d027627f4804cc615e11f6f131b3c28ebc11701894db17cba890270865f2297b3bdf07", &(0x7f0000000480)="44fa2fb48e562e4381707de14ea4139c5ab5b7680ed58f61328991de60d94fb9f57242cf3a86eb731bca3adc2f2295251f3cba5fea813f56f4f440a56162d7a3c737ab220075292e5ab5c8acea88758ea51ffb93131c3a6ae9d25baa133ea1e325d8227514155e675fb6bfe7862f770bcb2758c77fdcf233a0c55c16bb5162908f550e0043352bbde99849c56097"}}, &(0x7f0000000580))
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r5, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

[ 1971.339971] loop7: detected capacity change from 0 to 40
[ 1971.344613] loop1: detected capacity change from 0 to 40
[ 1971.366261] loop2: detected capacity change from 0 to 40
[ 1971.528676] syz-executor.7: attempt to access beyond end of device
[ 1971.528676] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1971.530095] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1971.553584] syz-executor.1: attempt to access beyond end of device
[ 1971.553584] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1971.555175] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 1971.627139] syz-executor.2: attempt to access beyond end of device
[ 1971.627139] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1971.629086] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:41:03 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:41:03 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 1971.717052] loop1: detected capacity change from 0 to 40
11:41:03 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:03 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x1, 0xafed}}, './file0\x00'})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@ipv4={""/10, ""/2, @multicast2}}, 0x0, @in6=@loopback}}, &(0x7f0000000240)=0xe8)
r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f00000007c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000780)={&(0x7f0000000300)={0x464, 0x0, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x110, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x108, 0x3, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '%\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fffffff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4b6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '\t%\'(\\.\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ')^\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '@^^!+-($^*\r\'\x00'}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x18, 0x2, '+-\']/{\\&^m*^}\x0e}.!*,\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x76fe}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x2ac, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x40, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xcc31}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '^[\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0x10c, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x4}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '@\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9d2d}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '$\xb9\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}]}, {0x4}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7}, @ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_MASK={0x6b, 0x5, "12fa813a9fce4d30567a94f0ce11168071fda23e5e1f1e6936c4a7692ff499b1a998bcd6efda3effa4e72d58a45c5a3a748252cbd4efdba9ff35c115682ec0d084cdca602bebef95fc36ee39d967f0b9383b021932b15534dbca7b0843da1aeb96e02e1bb2859e"}, @ETHTOOL_A_BITSET_BITS={0xd0, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '&/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xaff1e02}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x82}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '-\xa4\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '$\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x464}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

11:41:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1971.860941] loop7: detected capacity change from 0 to 40
11:41:03 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="01000000508c401d00002b000000081f0300890dcebc990ec04fbb5f2bbfc9fc5a71bf643ce8923780301adbcdeef1a6fb0897ef27ebe16dbc2dafa8a6415b1576b373c76a76cb00fcde9ad9230248976b152f8ca13038fbeba071352f6204be619061de6d3d54d5ba565cb3585b38146432647d4dd777aa5f309c49bf359e851a6ab23f14ed17e4407dbf181ec45f659508ff65675377d3e35fd9665e6d1f6074e7b942a3f41d6803c368aced42a4fdaac6bd0b4b1643ef73e2e39cd58d6140398037509983f0ec50cb7f919ca2005e284f90bf74415cf9dc5741023423a1ad5cb647552fe544ef8ddecdbe75f9b14af850b2bac61247cfc0f14bda1f5bb59b2ac405b6bff62c1d38b14c4a7c8f42baf1aa2b66cd84665b43f63055349c365a6982139e21baa3f76ade8e0077846cd8bf7dcb85d2efcbc79cb62df779057c3604329310c5274dd299d46b561b16d8e827e49e865d17a5f6f8cb3cb9dbdb9b1e1470e2f48ca031402c467366854c30bfabccaf0a2394fc50cd9829a8b8228f3e8743d118ec5590cc0a989c7555607fd59479ce283544cf7fe8bf4526a6eb7e1d748c5dcda0f9c437fa5cca26e056265d1fa25917993ec92798974f16b142e3eb5013de88ab4a1c0a742584aab339066ef6e90c420f0024e32e44c3493471c1eb798716715c0c", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x280008d0}, 0x20000080)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
rt_sigqueueinfo(0x0, 0x2a, &(0x7f0000000300)={0xf, 0xe3c, 0x7f08})

[ 1971.933633] loop2: detected capacity change from 0 to 40
11:41:03 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x3f, 0xfb, 0x81, 0x5, 0x0, 0xc73b, 0xe111, 0xb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x80000001, 0x1, @perf_config_ext={0x3, 0x8214}, 0x400, 0x9, 0x9, 0x4, 0x4, 0x7fffffff, 0x9, 0x0, 0x400}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x426a1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffc, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x6, 0x0, 0x1f}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r0, 0x80286722, &(0x7f0000000180)={&(0x7f0000000140)=""/52, 0x34, 0x3, 0x508f})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r1, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$SNAPSHOT_FREE(r1, 0x3305)

[ 1972.002616] syz-executor.7: attempt to access beyond end of device
[ 1972.002616] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1972.003916] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1972.021355] syz-executor.1: attempt to access beyond end of device
[ 1972.021355] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1972.022927] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:41:04 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1972.179457] syz-executor.2: attempt to access beyond end of device
[ 1972.179457] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1972.180989] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1972.197427] loop7: detected capacity change from 0 to 40
[ 1972.314513] syz-executor.7: attempt to access beyond end of device
[ 1972.314513] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1972.315954] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:41:19 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
waitid(0x1, r1, &(0x7f0000000300), 0x8, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:41:19 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

11:41:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:19 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:41:19 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 1987.320660] loop2: detected capacity change from 0 to 40
11:41:19 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\b\x00'/12, @ANYRES32=<r1=>r0, @ANYBLOB="00000000070000002e2f666996653000"])
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r2, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open$cgroup(&(0x7f0000000140)={0x5, 0x80, 0x42, 0x81, 0x63, 0x85, 0x0, 0x8000, 0x10429, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3df0, 0x2, @perf_bp={&(0x7f0000000040), 0x8}, 0x422a0, 0xfff, 0x10001, 0x3, 0x3, 0xfffffbff, 0x3, 0x0, 0xc503, 0x0, 0x6}, r1, 0xc, r2, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x1, @loopback, 0x8000}, 0x1c)

[ 1987.335999] loop7: detected capacity change from 0 to 40
[ 1987.351715] loop1: detected capacity change from 0 to 40
11:41:19 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r4, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

11:41:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 1987.493689] syz-executor.2: attempt to access beyond end of device
[ 1987.493689] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1987.495478] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1987.501146] syz-executor.7: attempt to access beyond end of device
[ 1987.501146] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1987.502495] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1987.539131] syz-executor.1: attempt to access beyond end of device
[ 1987.539131] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1987.540528] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:41:19 executing program 5:
r0 = getpgid(0xffffffffffffffff)
capset(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000040)={0x1f, 0x1, 0x1, 0x4, 0x1ff, 0x9})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:41:19 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:41:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:19 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 1987.702694] loop1: detected capacity change from 0 to 40
[ 1987.741287] loop7: detected capacity change from 0 to 40
[ 1987.748503] loop2: detected capacity change from 0 to 40
11:41:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

11:41:19 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
r4 = fork()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
waitid(0x1, r4, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
getpgrp(r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r5=>r2, {0x7a5}}, './file0\x00'})
perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x1, 0x9, 0x2, 0x7, 0x0, 0x401, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x65d, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x201, 0x0, 0x8, 0x2, 0x401, 0x81, 0x80, 0x0, 0x2, 0x0, 0xbf06}, r1, 0xa, r5, 0xb)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

[ 1987.830700] syz-executor.1: attempt to access beyond end of device
[ 1987.830700] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1987.832264] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:41:19 executing program 5:
mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x40, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r1=>0x0}, &(0x7f0000000040)=0xc)
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp(r0, r1, 0x1, r2, 0xffffffffffffffff)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:41:19 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 1987.950466] syz-executor.2: attempt to access beyond end of device
[ 1987.950466] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1987.952106] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1987.963079] syz-executor.7: attempt to access beyond end of device
[ 1987.963079] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1987.964416] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1988.017167] loop1: detected capacity change from 0 to 40
[ 1988.175693] syz-executor.1: attempt to access beyond end of device
[ 1988.175693] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1988.177535] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:41:35 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:41:35 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0xf7, 0x40, 0x8, 0x5, 0x0, 0xfff, 0x40000, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6, 0x4, @perf_config_ext={0x2, 0x80}, 0x1020, 0x4, 0x1, 0x5, 0x6, 0x10003, 0x7fff, 0x0, 0x3d, 0x0, 0x5}, r0, 0xf, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:41:35 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010003000000000000003f00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:41:35 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:41:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 2003.311415] loop1: detected capacity change from 0 to 40
[ 2003.322642] loop7: detected capacity change from 0 to 40
[ 2003.329451] loop2: detected capacity change from 0 to 40
11:41:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

11:41:35 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(0x0, 0x9, &(0x7f0000000280)={0x15, 0xe8fe, 0xfffffffe})
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, @perf_config_ext={0xfffd, 0x4}, 0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1ff}, r1, 0x10, 0xffffffffffffffff, 0x8)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="980400da", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc826a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x4008f50a, &(0x7f0000000180)={0x4, 0x346})
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:41:35 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
clock_gettime(0x0, &(0x7f0000001fc0)={<r2=>0x0, <r3=>0x0})
gettid()
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000300)=""/218, 0xda}, {&(0x7f0000000400)=""/208, 0xd0}, {&(0x7f0000000840)=""/84, 0x54}, {&(0x7f0000000500)=""/132, 0x84}, {&(0x7f00000005c0)=""/249, 0xf9}, {&(0x7f0000002040)=""/12, 0xc}, {&(0x7f0000000700)=""/183, 0xb7}], 0x7, &(0x7f0000002080)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r5=>0x0}}}], 0xa8}}, {{&(0x7f0000000900), 0x6e, &(0x7f0000001e80)=[{&(0x7f0000000980)=""/210, 0xd2}, {&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/205, 0xcd}, {&(0x7f0000001b80)=""/66, 0x42}, {&(0x7f0000001c00)=""/144, 0x90}, {&(0x7f0000001cc0)=""/225, 0xe1}, {&(0x7f0000001dc0)=""/143, 0x8f}], 0x7, &(0x7f0000002140)=ANY=[@ANYBLOB="20000000130000006e00000001000000729004d4e7cd3aa306d2820e2e2298e97250409cc5e7a7203470cbe399e9d50bd1e7cabbf62279e410376f749dc6f1e3d618da273e87ba2489e5fcfb84c8854c4fc90531b18004cff243f264096a542e382478c4dc168066a0d647bd98b6b15c536c4d596527a929ae405292687943b58593923e18750ece537d8874c596978ae932ed7108745d5cf4bdfe7e164d548ac9e059d9a06757e5b5a89d720ce3bcbc8cdd21c3ab9fc40949ed3e7f0634e57f502053d6b6fd31d0f235e66ac8aab6a94e1302e4d0", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x20}}], 0x2, 0x0, &(0x7f0000002000)={r2, r3+60000000})
perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0xcd, 0x7, 0x2, 0xb3, 0x0, 0x6, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x4, 0x6}, 0x40, 0xd33, 0x1, 0x6, 0x0, 0x80000001, 0x7, 0x0, 0x2, 0x0, 0x400}, r5, 0x2, r1, 0x0)
r6 = getpgid(r0)
clock_gettime(0x0, &(0x7f0000000240))
r7 = creat(&(0x7f0000000140)='./file0\x00', 0x69)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000002240)={0x4, 0x9, 0x3, 0x6, 0xa, [{0x101, 0x800, 0x7, '\x00', 0x1800}, {0x65f, 0x80aa, 0x20, '\x00', 0x2000}, {0x2, 0x93, 0x2, '\x00', 0x2000}, {0x80000000, 0x401, 0xe6f0, '\x00', 0x806}, {0x1, 0x3, 0x9, '\x00', 0x781}, {0x3, 0x6, 0x2, '\x00', 0xa80}, {0x0, 0x9, 0x1, '\x00', 0x980}, {0x5, 0x0, 0x8000, '\x00', 0x1103}, {0x2, 0x3, 0x5, '\x00', 0xc}, {0xf0c9, 0x0, 0x1, '\x00', 0x1080}]})
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x20, 0x72, 0x81, 0x1, 0x0, 0x2, 0x2, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x2, @perf_config_ext={0x7, 0x1ff}, 0x2032, 0xcc, 0x80000001, 0x8, 0x5, 0x7fff, 0x20a5, 0x0, 0x7, 0x0, 0x7fff}, r6, 0x0, r7, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2003.522556] syz-executor.7: attempt to access beyond end of device
[ 2003.522556] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2003.523923] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2003.530241] syz-executor.1: attempt to access beyond end of device
[ 2003.530241] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2003.531707] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2003.544436] syz-executor.2: attempt to access beyond end of device
[ 2003.544436] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2003.545962] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:41:35 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:41:35 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x3ffffffc, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x4, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="980000007be96e241c5783d7e8bc1e1f02eb94d85373e9ee0be9c9ea38ad19ce8e62b5f272a44b773662a9719ccd0da879b9c6d29d1a98472f8ccd68b422e7b60ec5ac3eea905bb7b86aa06d934c02cabf0d2bb118d4de756f67ef4733163049b75848c3e9059bbe364cda796b32c507e660324a5505cdd8fded", @ANYRES16, @ANYBLOB="01000000000000ffffffff00000000000000", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

11:41:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:41:35 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2003.780324] loop1: detected capacity change from 0 to 40
11:41:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 2003.838709] loop7: detected capacity change from 0 to 40
[ 2003.923285] syz-executor.7: attempt to access beyond end of device
[ 2003.923285] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2003.924700] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2003.968352] syz-executor.1: attempt to access beyond end of device
[ 2003.968352] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2003.970185] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:41:51 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:51 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = fork()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
waitid(0x1, r1, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x6, 0x1f, 0xfc, 0x7, 0x0, 0xfffffffffffffffe, 0x18a, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000000), 0x8}, 0x14c88, 0x3, 0x2, 0x0, 0x100000001, 0x3, 0x3, 0x0, 0x80000000, 0x0, 0x1000000000000}, r1, 0xb, r0, 0x1)

11:41:51 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:41:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:51 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = dup3(r0, 0xffffffffffffffff, 0x80000)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:41:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)

11:41:51 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:41:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2019.517609] loop2: detected capacity change from 0 to 40
[ 2019.537850] loop1: detected capacity change from 0 to 40
[ 2019.540750] loop7: detected capacity change from 0 to 40
[ 2019.664685] syz-executor.2: attempt to access beyond end of device
[ 2019.664685] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2019.666225] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:41:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)

[ 2019.670541] syz-executor.1: attempt to access beyond end of device
[ 2019.670541] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2019.671871] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:41:51 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x5, 0x80, 0x0, 0x9, 0x0, 0x4, 0x0, 0x2, 0x14004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = getpgid(r1)
waitid(0x1, r3, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r4, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0x3, 0x3, 0x3f, 0x20, 0x0, 0xfffffffffffffffe, 0x4, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x86, 0x2, @perf_bp={&(0x7f0000000180), 0x9}, 0x2, 0x4, 0x7, 0x0, 0x8, 0x3, 0x6, 0x0, 0x200, 0x0, 0x3f}, r2, 0x8, r4, 0x8)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

11:41:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2019.786111] syz-executor.7: attempt to access beyond end of device
[ 2019.786111] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2019.787409] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:41:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2019.883152] loop1: detected capacity change from 0 to 40
11:41:51 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:41:51 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2019.943268] loop2: detected capacity change from 0 to 40
11:41:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)

11:41:52 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0xffff2f64cd976751, 0x80, 0x2, 0x81, 0x1, 0xfe, 0x0, 0x20, 0x30000, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0x14}, 0x40, 0x1, 0x1, 0x3, 0x4, 0x8, 0xb5cf, 0x0, 0x4, 0x0, 0x5}, r1, 0xf, 0xffffffffffffffff, 0x2)
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x325f00, 0x0)
sendfile(r0, r3, &(0x7f0000000240)=0x4, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000000)='nl80211\x00')
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2020.093538] syz-executor.1: attempt to access beyond end of device
[ 2020.093538] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2020.095073] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2020.099107] loop7: detected capacity change from 0 to 40
[ 2020.221206] syz-executor.7: attempt to access beyond end of device
[ 2020.221206] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2020.223005] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2020.240191] syz-executor.2: attempt to access beyond end of device
[ 2020.240191] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2020.242063] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:42:07 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:42:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:07 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = fork()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
waitid(0x1, r1, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x6, 0x1f, 0xfc, 0x7, 0x0, 0xfffffffffffffffe, 0x18a, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000000), 0x8}, 0x14c88, 0x3, 0x2, 0x0, 0x100000001, 0x3, 0x3, 0x0, 0x80000000, 0x0, 0x1000000000000}, r1, 0xb, r0, 0x1)

11:42:07 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2035.806062] loop2: detected capacity change from 0 to 40
11:42:07 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = inotify_init()
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x4008f50a, &(0x7f0000000000)={0x7fffffff, 0x80})
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:07 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:07 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRESOCT])
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {}, [{0x2, 0x2, 0xee01}, {0x2, 0x6}, {0x2, 0x1, 0xee01}, {0x2, 0x0, 0xee00}, {0x2, 0x2, 0xee00}], {0x4, 0x5}, [{0x8, 0x4}, {0x8, 0x9}, {0x8, 0x6}], {0x10, 0x1}, {0x20, 0x5}}, 0x64, 0x1)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x6)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="000000000000000000003b00000008fe0200", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

[ 2035.873036] loop7: detected capacity change from 0 to 40
[ 2035.882611] loop1: detected capacity change from 0 to 40
11:42:08 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2036.066260] syz-executor.2: attempt to access beyond end of device
[ 2036.066260] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2036.068274] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:42:08 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = fsmount(0xffffffffffffffff, 0x1, 0x72)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'syztnl1\x00', &(0x7f0000000300)={'ip6gre0\x00', <r4=>0x0, 0x2f, 0x2, 0x0, 0x8e7, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x40, 0x8000, 0x2, 0x7}})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x48, 0x0, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffffff32}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="39a20a701c85"}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

[ 2036.155357] syz-executor.1: attempt to access beyond end of device
[ 2036.155357] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2036.156818] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:42:08 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = fork()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
waitid(0x1, r1, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x6, 0x1f, 0xfc, 0x7, 0x0, 0xfffffffffffffffe, 0x18a, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000000), 0x8}, 0x14c88, 0x3, 0x2, 0x0, 0x100000001, 0x3, 0x3, 0x0, 0x80000000, 0x0, 0x1000000000000}, r1, 0xb, r0, 0x1)

[ 2036.246405] syz-executor.7: attempt to access beyond end of device
[ 2036.246405] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2036.247667] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:42:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:08 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = getpgid(r1)
r3 = perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x0, 0x4, 0x5, 0x20, 0x0, 0x6, 0x72420, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x8, 0x2}, 0x8100, 0x3098, 0x4, 0x5534998de11b0f59, 0x5, 0x0, 0x8, 0x0, 0x5c, 0x0, 0x1268}, r2, 0x10, r0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000140)=<r4=>0x0)
r5 = getpgrp(r1)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/locks\x00', 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r0, &(0x7f00000001c0)={r6, r3, 0x5})

[ 2036.394363] loop2: detected capacity change from 0 to 40
11:42:08 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2036.581222] loop1: detected capacity change from 0 to 40
[ 2036.623127] loop7: detected capacity change from 0 to 40
[ 2036.672561] syz-executor.2: attempt to access beyond end of device
[ 2036.672561] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2036.674024] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:42:08 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="9800000078306e7fcc7af282f8c072d04f0e6179198c9f51f655c60427100aec20722b852de275bc9b892a4e7ce3e4fb131990c8856dbbb513a8b874c892b6d895d39cf0db34dc4bd7604d205e639010e91ead7b749e85e1ba8840f12b6114a6c4a97c81b4da9209f9805a5962726d9297ebc6624ea182b002f057f91be51a8441f6bf50583779715e23011882c9fb3f7f507b84c2ade2c4cf900a95503803f90e20183df5d2583bf2379d413615a0ba8c20ed5c20ebe3dd24f73dcf510fbd90a60fc95f2379a9ef9612a5c4768ce44a9b2f71cd80633bcceb01e35baa8f6466d0203b992f5ea354ed37f736d726e6bfe90d3a52d62986e78ce3a2ef", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:42:08 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:08 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2036.782679] syz-executor.1: attempt to access beyond end of device
[ 2036.782679] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2036.784467] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2036.786079] syz-executor.7: attempt to access beyond end of device
[ 2036.786079] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2036.787336] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:08 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5}]}, 0x28}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="1f0a00000000000000003900000008000300", @ANYRES32=r5, @ANYBLOB="10005a800c000380050004000c"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r2, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x8, 0x4d}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x480c0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:08 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRESOCT])
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {}, [{0x2, 0x2, 0xee01}, {0x2, 0x6}, {0x2, 0x1, 0xee01}, {0x2, 0x0, 0xee00}, {0x2, 0x2, 0xee00}], {0x4, 0x5}, [{0x8, 0x4}, {0x8, 0x9}, {0x8, 0x6}], {0x10, 0x1}, {0x20, 0x5}}, 0x64, 0x1)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x6)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="000000000000000000003b00000008fe0200", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:42:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:25 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="00800000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
r3 = perf_event_open$cgroup(&(0x7f0000000380)={0x2, 0x80, 0x5f, 0x1, 0xff, 0xff, 0x0, 0x10000, 0x4000, 0xa, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7f, 0x0, @perf_config_ext={0x3ff, 0x4}, 0x100, 0x6, 0x200, 0x4, 0x8, 0x0, 0x53, 0x0, 0x58dfff07, 0x0, 0x8}, 0xffffffffffffffff, 0xb, r0, 0x0)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x1f, 0x5, 0xab, 0x2, 0x0, 0xff, 0x102, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000180), 0x2}, 0x8010, 0x4, 0x1, 0x9, 0x8000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x1}, r1, 0xb, r3, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:42:25 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:42:25 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2053.097993] loop1: detected capacity change from 0 to 40
11:42:25 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRESOCT])
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {}, [{0x2, 0x2, 0xee01}, {0x2, 0x6}, {0x2, 0x1, 0xee01}, {0x2, 0x0, 0xee00}, {0x2, 0x2, 0xee00}], {0x4, 0x5}, [{0x8, 0x4}, {0x8, 0x9}, {0x8, 0x6}], {0x10, 0x1}, {0x20, 0x5}}, 0x64, 0x1)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x6)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="000000000000000000003b00000008fe0200", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:42:25 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r0, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:25 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:25 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:25 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2053.133035] loop7: detected capacity change from 0 to 40
[ 2053.156360] loop2: detected capacity change from 0 to 40
[ 2053.281513] syz-executor.1: attempt to access beyond end of device
[ 2053.281513] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2053.283156] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:42:25 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRESOCT, @ANYRES64, @ANYRES32, @ANYRESOCT])
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {}, [{0x2, 0x2, 0xee01}, {0x2, 0x6}, {0x2, 0x1, 0xee01}, {0x2, 0x0, 0xee00}, {0x2, 0x2, 0xee00}], {0x4, 0x5}, [{0x8, 0x4}, {0x8, 0x9}, {0x8, 0x6}], {0x10, 0x1}, {0x20, 0x5}}, 0x64, 0x1)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x6)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="000000000000000000003b00000008fe0200", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:42:25 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = fork()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000140))
waitid(0x1, r1, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
r3 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r3, 0x1, 0x0, 0xf, 0x0, 0x18)
r4 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r4, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r3, &(0x7f0000000000)={0xffffffffffffffff, r4, 0x2})
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2053.383669] syz-executor.7: attempt to access beyond end of device
[ 2053.383669] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2053.385178] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:25 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:42:25 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2053.467203] syz-executor.2: attempt to access beyond end of device
[ 2053.467203] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2053.468670] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:42:25 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = fork()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
waitid(0x1, r1, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x6, 0x1f, 0xfc, 0x7, 0x0, 0xfffffffffffffffe, 0x18a, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000000), 0x8}, 0x14c88, 0x3, 0x2, 0x0, 0x100000001, 0x3, 0x3, 0x0, 0x80000000, 0x0, 0x1000000000000}, r1, 0xb, r0, 0x1)

11:42:25 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2053.578541] loop1: detected capacity change from 0 to 40
[ 2053.650859] loop7: detected capacity change from 0 to 40
[ 2053.779590] syz-executor.1: attempt to access beyond end of device
[ 2053.779590] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2053.781139] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2053.820072] syz-executor.7: attempt to access beyond end of device
[ 2053.820072] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2053.821685] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:41 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:41 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
r4 = getpgrp(r1)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x0, 0xd4, 0x2, 0x80, 0x0, 0x7, 0x53202, 0xa, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffffda01, 0x1, @perf_config_ext={0x8001, 0x1}, 0x0, 0x1ff, 0x0, 0x4, 0x3, 0x3, 0x81, 0x0, 0x100, 0x0, 0x1a}, r4, 0xf, r2, 0x8)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000300), 0xa0100, 0x0)
close(r5)
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open$cgroup(&(0x7f0000000000)={0x3, 0x80, 0x1, 0x72, 0x7, 0x5, 0x0, 0x8001000000, 0x2020, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x3, 0x2}, 0x41106, 0x6, 0x8000, 0x8, 0x48, 0x7, 0x9, 0x0, 0x7, 0x0, 0x5}, r3, 0x8, r0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:41 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:42:41 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x81, 0xff, 0x1, 0x1, 0x0, 0xffffffff, 0x32000, 0xd, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_config_ext={0x7, 0x1ff}, 0x2, 0xfff, 0xffffffff, 0x1, 0x37, 0x0, 0x8, 0x0, 0x7, 0x0, 0x40}, r1, 0xf, 0xffffffffffffffff, 0x7)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:42:41 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
clock_gettime(0x0, &(0x7f0000001fc0)={<r2=>0x0, <r3=>0x0})
gettid()
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000300)=""/218, 0xda}, {&(0x7f0000000400)=""/208, 0xd0}, {&(0x7f0000000840)=""/84, 0x54}, {&(0x7f0000000500)=""/132, 0x84}, {&(0x7f00000005c0)=""/249, 0xf9}, {&(0x7f0000002040)=""/12, 0xc}, {&(0x7f0000000700)=""/183, 0xb7}], 0x7, &(0x7f0000002080)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r5=>0x0}}}], 0xa8}}, {{&(0x7f0000000900), 0x6e, &(0x7f0000001e80)=[{&(0x7f0000000980)=""/210, 0xd2}, {&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/205, 0xcd}, {&(0x7f0000001b80)=""/66, 0x42}, {&(0x7f0000001c00)=""/144, 0x90}, {&(0x7f0000001cc0)=""/225, 0xe1}, {&(0x7f0000001dc0)=""/143, 0x8f}], 0x7, &(0x7f0000002140)=ANY=[@ANYBLOB="20000000130000006e00000001000000729004d4e7cd3aa306d2820e2e2298e97250409cc5e7a7203470cbe399e9d50bd1e7cabbf62279e410376f749dc6f1e3d618da273e87ba2489e5fcfb84c8854c4fc90531b18004cff243f264096a542e382478c4dc168066a0d647bd98b6b15c536c4d596527a929ae405292687943b58593923e18750ece537d8874c596978ae932ed7108745d5cf4bdfe7e164d548ac9e059d9a06757e5b5a89d720ce3bcbc8cdd21c3ab9fc40949ed3e7f0634e57f502053d6b6fd31d0f235e66ac8aab6a94e1302e4d0", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x20}}], 0x2, 0x0, &(0x7f0000002000)={r2, r3+60000000})
perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0xcd, 0x7, 0x2, 0xb3, 0x0, 0x6, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x4, 0x6}, 0x40, 0xd33, 0x1, 0x6, 0x0, 0x80000001, 0x7, 0x0, 0x2, 0x0, 0x400}, r5, 0x2, r1, 0x0)
r6 = getpgid(r0)
clock_gettime(0x0, &(0x7f0000000240))
r7 = creat(&(0x7f0000000140)='./file0\x00', 0x69)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000002240)={0x4, 0x9, 0x3, 0x6, 0xa, [{0x101, 0x800, 0x7, '\x00', 0x1800}, {0x65f, 0x80aa, 0x20, '\x00', 0x2000}, {0x2, 0x93, 0x2, '\x00', 0x2000}, {0x80000000, 0x401, 0xe6f0, '\x00', 0x806}, {0x1, 0x3, 0x9, '\x00', 0x781}, {0x3, 0x6, 0x2, '\x00', 0xa80}, {0x0, 0x9, 0x1, '\x00', 0x980}, {0x5, 0x0, 0x8000, '\x00', 0x1103}, {0x2, 0x3, 0x5, '\x00', 0xc}, {0xf0c9, 0x0, 0x1, '\x00', 0x1080}]})
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x20, 0x72, 0x81, 0x1, 0x0, 0x2, 0x2, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x2, @perf_config_ext={0x7, 0x1ff}, 0x2032, 0xcc, 0x80000001, 0x8, 0x5, 0x7fff, 0x20a5, 0x0, 0x7, 0x0, 0x7fff}, r6, 0x0, r7, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:41 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:42:41 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2069.249547] loop7: detected capacity change from 0 to 40
11:42:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2069.252058] loop1: detected capacity change from 0 to 40
[ 2069.304225] loop2: detected capacity change from 0 to 40
11:42:41 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000), 0x0, &(0x7f0000000840)=[{&(0x7f0000000140)=""/83, 0x53}, {&(0x7f0000000040)=""/22, 0x16}, {&(0x7f00000001c0)=""/173, 0xad}, {&(0x7f0000000300)=""/223, 0xdf}, {&(0x7f0000000400)=""/107, 0x6b}, {&(0x7f0000000480)=""/234, 0xea}, {&(0x7f0000000580)=""/239, 0xef}, {&(0x7f0000000680)=""/52, 0x34}, {&(0x7f00000006c0)=""/218, 0xda}, {&(0x7f00000007c0)=""/82, 0x52}], 0xa, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:41 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = fork()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000140))
waitid(0x1, r1, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
r3 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r3, 0x1, 0x0, 0xf, 0x0, 0x18)
r4 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r4, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r3, &(0x7f0000000000)={0xffffffffffffffff, r4, 0x2})
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2069.439962] syz-executor.1: attempt to access beyond end of device
[ 2069.439962] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2069.441148] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2069.471656] syz-executor.7: attempt to access beyond end of device
[ 2069.471656] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2069.473022] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:41 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x2)
process_vm_readv(r1, &(0x7f0000000180)=[{&(0x7f0000000380)=""/141, 0x8d}], 0x1, &(0x7f0000000a80)=[{&(0x7f0000000600)=""/157, 0x9d}, {&(0x7f00000006c0)=""/167, 0xa7}, {&(0x7f0000000780)=""/80, 0x50}, {&(0x7f0000000800)=""/208, 0xd0}, {&(0x7f0000000900)=""/187, 0xbb}, {&(0x7f00000009c0)=""/129, 0x81}], 0x6, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000009cc0)=[{{&(0x7f0000000b00), 0x6e, &(0x7f0000000480)=[{&(0x7f0000000b80)=""/231, 0xe7}, {&(0x7f0000000c80)=""/4096, 0x1000}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/4096, 0x1000}], 0x4}}, {{&(0x7f0000003c80), 0x6e, &(0x7f0000003f00)=[{&(0x7f0000003d00)=""/193, 0xc1}, {&(0x7f0000003e00)=""/40, 0x28}, {&(0x7f0000003e40)=""/136, 0x88}], 0x3, &(0x7f0000003f40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {<r2=>0x0}}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x120}}, {{&(0x7f0000004080), 0x6e, &(0x7f00000044c0)=[{&(0x7f0000004100)}, {&(0x7f0000004140)=""/169, 0xa9}, {&(0x7f0000004200)=""/189, 0xbd}, {&(0x7f00000042c0)=""/83, 0x53}, {&(0x7f0000004340)=""/208, 0xd0}, {&(0x7f0000004440)=""/39, 0x27}, {&(0x7f0000004480)=""/53, 0x35}], 0x7}}, {{&(0x7f0000004540), 0x6e, &(0x7f0000004900)=[{&(0x7f00000045c0)=""/139, 0x8b}, {&(0x7f0000004680)=""/191, 0xbf}, {&(0x7f0000004740)=""/238, 0xee}, {&(0x7f0000004840)=""/32, 0x20}, {&(0x7f0000004880)=""/81, 0x51}], 0x5, &(0x7f0000004980)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}}, {{&(0x7f0000004a80)=@abs, 0x6e, &(0x7f0000005d80)=[{&(0x7f0000004b00)=""/119, 0x77}, {&(0x7f0000004b80)=""/97, 0x61}, {&(0x7f0000004c00)=""/11, 0xb}, {&(0x7f0000004c40)=""/220, 0xdc}, {&(0x7f0000004d40)=""/4096, 0x1000}, {&(0x7f0000005d40)=""/37, 0x25}], 0x6}}, {{&(0x7f0000005e00)=@abs, 0x6e, &(0x7f0000006f40)=[{&(0x7f0000005e80)=""/4096, 0x1000}, {&(0x7f0000006e80)=""/163, 0xa3}], 0x2, &(0x7f0000006f80)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd0}}, {{&(0x7f0000007080)=@abs, 0x6e, &(0x7f0000007240)=[{&(0x7f0000007100)=""/75, 0x4b}, {&(0x7f0000007180)=""/130, 0x82}], 0x2, &(0x7f0000007280)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x148}}, {{0x0, 0x0, &(0x7f0000008a80)=[{&(0x7f0000007400)=""/198, 0xc6}, {&(0x7f0000007500)=""/4096, 0x1000}, {&(0x7f0000008500)=""/59, 0x3b}, {&(0x7f0000008540)=""/41, 0x29}, {&(0x7f0000008580)=""/132, 0x84}, {&(0x7f0000008640)=""/220, 0xdc}, {&(0x7f0000008740)=""/136, 0x88}, {&(0x7f0000008800)=""/135, 0x87}, {&(0x7f00000088c0)=""/145, 0x91}, {&(0x7f0000008980)=""/205, 0xcd}], 0xa, &(0x7f0000008b40)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{0x0, 0x0, &(0x7f0000009bc0)=[{&(0x7f0000008b80)=""/4096, 0x1000}, {&(0x7f0000009b80)=""/58, 0x3a}], 0x2, &(0x7f0000009c00)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0}}], 0x9, 0x40000200, 0x0)
process_vm_readv(r2, &(0x7f000000b040)=[{&(0x7f0000009f00)=""/59, 0x3b}, {&(0x7f0000009f40)=""/4096, 0x1000}, {&(0x7f000000af40)=""/92, 0x5c}, {&(0x7f000000afc0)=""/91, 0x5b}], 0x4, &(0x7f000000c180)=[{&(0x7f000000b080)=""/215, 0xd7}, {&(0x7f000000b180)=""/4096, 0x1000}], 0x2, 0x0)
perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x7, 0x8, 0x3, 0x5a, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x4, 0x4}, 0x108, 0xd, 0x8, 0x0, 0x8, 0x7, 0x0, 0x0, 0x8, 0x0, 0x8}, r1, 0x2, 0xffffffffffffffff, 0x1b)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r4 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="98000000", @ANYRESDEC=r4, @ANYBLOB="010000030000000000000000000008000300e52bb7c1e5a8a82a3d4e15f05c3814c2a1755a7d616e312637a64b5711f0498a1754e11231e8dc7909678e63bad4fc6f36a9d1ad9160c6bc72bf98f240a46666fc1cebb03917c8e54ed92d1391fc88b8070024efcd80b7f50795c80fbd3112276ebbd9a7b0aba2660f35e3bc2b8e3c1c621032da91c415b9009bbbc098ca77584f403e8f1b329ff905c8cba3eb231d11ac95b0b4a048ff71bba5e777004c95379912ad734465b8de581b2c2abce7ea5bb508b8ee69e9b3c7e8145172455be1f8", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
[ 2069.567153] syz-executor.2: attempt to access beyond end of device
[ 2069.567153] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2069.568449] Buffer I/O error on dev loop2, logical block 10, lost async page write
syz_io_uring_submit(r6, r7, &(0x7f000000d540)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, r3, 0x0, &(0x7f000000d500)={&(0x7f000000c1c0)=@llc={0x1a, 0x1, 0x40, 0xff, 0x0, 0x81, @random="53b239521cb0"}, 0x80, &(0x7f000000d400)=[{&(0x7f000000c240)="7b7d143d80a17102f540fb15d1b44b518291f2c512c302570069727bbae22c2ec4d7be6c687ddba58b99537a4b063d56b044d2579edf5efa5e9d6de9810584ca3d2d05f5957c85ac071bd0daf2384fab768e842e0448b75b01225833f0ad2d8f10376fd16d75764176fcb3a03f8db6ac183e89943b4f14c98a1b", 0x7a}, {&(0x7f000000c2c0)="6a5922dbad5f4b0e0d71100ba6ed9d72842b146f01022adc86aca94ef664de11ec0e4b0543b54428368bd96c71731e796a17c47b9b597fb9d974ec56719ca67acc5a3ff4247cc0365db1f054f8ca02afb5dc598912abc6b63ab8941afd76c4bc5e303bf43517281c5ede4642b9a77203f1e73e256b9e746c127c8cbd73a612eb533b01fa86a4c77abd0f8cc2db5c0f2dbec51e94a5eb13ac779c9939781433f0932fb1fa4575b0cd3917b581d0e704a298f761f253fe7282bdc8ec306bc5137429f4667cd12194a9117508ebb65a11199684e5f3ca738e9db2234f7f892f9755698dcd0d40188f96d5243101fb25455889a9f5904b8dc53e572768e546a552ce615a3e53e1a04d90257bd7a5b087d501e8ecc68f06cb838179d6fdc5b3f82ce7552f17ad7ae83834a2d61a6139e7a050fa16cef48a1bf22058ff1448a6f9217c0a552c9128eb4ede7aaba10cb2783f1688569459e451916d384e77f2fb4c16ee1396d05fb8d960b5c775c2ce49399e5bef986397f9c072f639d8511e44954a81258f63ac5c54d5990ed793dc59fbebb49dcd726c221e97d0c291a7072b51417b568b528bd9861bf7c317c200be11d7c8056a6d291962d6cf439090a052ecbca6babf96ae0ac3375880ee8e0623d8558d410452c54cc3abe75b4bc8249ba6095ab011ff620707f4300eb419907b9e014ca0ba0f5fff052b53992c249b7476e02885b76dcc4fb7f64219fcb30139c0f1580bb70b8326383e2dee1fda75139909da86b32af494fb60000626dd19958dea643601a6a631a9ec81ecfed73cba6dd74d7e892705645b8967979a7610fb4739ae32b66e6a1bbc269ef34336bc96f732a970aa3242b9305f9ede48591ddf98be9b1a2706d161e3b5e66171c4b933284a8b6a3a9ea74d3de9a9821344c291620eb499ea0afe05db0eaf0efa2d0579ff75b70eddc197e8e254f482b2e6a0d22e01f758b0146537a03c55b05832c07682ce35f9405fa340417f34ad89d34a47c5efad8ef9e5024d7e304ad50dab02ad36c4a8c943ffd869143d69f7e70da481abd3c720cea6a44e1bb46bcda8ed91a4af8f947c52b555d4afd3646a4eaef5827819791fe7a9c1cbc239b30b062d1ec64c341b4d7234dca5bae150a3f60a90d024b39f5e6ba6f4682399122456a567492de354f2040ee6bec040c2a51d00d36200c660f7731a7293299ae18eff7fbdb64e159a09710a4f0b694d4b19cbe8e6446bf81b96363a380d3db1d975dc0e0d160c7f14ca31d581b99a1758bd7cd3fea0d47845a1382f28c33f5e41a9965cebbcb2de180ac57c32ea53ba895baf07df7db816fd0ea337a6e879508d43f9a5e1ece91c158e280fcd3e985504ca73277cf914debdce5dd85863b338b90dfea817e09147153df1a5415722183e2168e905fd98ea62753baf21f701e500fb9fef38f5c3262a53735a7f2a691378838fa8aca37b7795fee97bceb7ab7e16f5fbee01e13f1fd438b696b485031bbaa29a0d51f71cd9761f9f3781a050a23c9b6b1ba636d97f63b15eceaefc5c53a8c73de620064a79840f01630eecea14d9eecab8744a42294c17643f6a2a896cb4dd4201b87ea7a7215214f5308849973b6bf341fc804d467ecec02ace346d3db8ff52f6a49b0170b61671d7062aa61b035795b88e6b7722f6cec93d93844ca7f5db20a65832f56111cf793097ef11f1aecd916b9ed6b06287a841e5f0d648182fd59d16857aaa84363d94fa70b0f47eb7768f2c5aa444a049f86c0426954d5dbacc52c13979ee46e1ff47f0aa1d65d226394e6d6205724ff84037d298044cf567b3e13fc167f6ba7eda68d8921f67bfc3d0b6501f2e71b170d65d8cbc0f37e02ca0c84635c6d1edadcd1eb9e333b54df0c74d9cba87bbc4a3ba1e78a195ddb99924a80f9c510aa1a03257031ccab1c82051b5cf8acf95def5d6c45638bebf4f7e279cc03bec63bb4933c1250b2d633d78ba0b60c805b3c3f59387f19aea699a3a327584112034eda5e975b593f2ce80610ea5ba3fd17e5562ba255796c76a68c12157681a8e31d8196ae93bd1bd1e2e36f55add5ca748906b83d9c83b013c5d0b7ab578af09cecbf8bee279f22d88228d0be4aa2d91f9bf4f681215b40bc84c3c334a8dcd2f1d8941822795c765f48e0650293d7eec580751a67b7adbfed7ef2dd5412deb1b1c6f5e9c77ddbb1254d9396058c22baa830b48a7ea35172a756c8a36f7324a340d2f7fcdaeb5f06f47f0ed2b48df26c70de62a9f725f11054bf46f59b1539952711e3ade6a406fa27adeb43913e105607734f4138cd62e85dd294bb0fa617205472adddf52920ee33dd64479159da17a0b38f4ffc975aa0e481ddf12c75c57e4df29e394ca0891eb8da635a64e1bbbeaa0979e03b824b2ef4576489ff4c6c0894b0265641e334380db43578cd9ccb25db77df07eaa54655a2ad20b78f6135b044e69e37f780951859878c9ffbbb1f9fc504d9ab9e9b1ae606b4122e00188452e02b0d6c03f18405a26cca4d1ecd8f8455114570bbfbb19140de96926f68170744e6ad6cad7136aedf086bcbf41df039b7da3189f8167b3042a83afd677de3cd62eba49dda25be60ba92ce2196352d78ed45627ebd2d54b3ecc02bc3fed8259140eeee671901d7c77d7712dbdc714580ba26a5e71b10244bc98e1919578d548fc1af60e5deb1ef69545a1f902011990e3b6b8013b6c0ea245c469770dbf4b647367b90512b9aca8605c39e52daf82e413a882e3020d6b9e6fa426cbdeb6eb6dc58b40caf506d4ee63b766c8fe6e7f96556841d929bb56f203d0596bf34c14b8161900b1b1a4b581c998a38d16d9be180ec743fc6a7113f4bb1fd2ab3f83ccd22de9f537106e7ca37ce1cd50c79a4159c484656bfb18d6dfaac3e8edfb3906672a1d6a7e41469179384243dfc4045328b804b9edaf931215a64bfc007237f0e9d2677661fa1974953c26b88f9381a46f36967e225bf35666ae58e55f2ca63181f41716d84f81993a3fccd352e57d6b6eb11c5f9562ec6b1c546605476eeab32f747b0007d54e6d149895d142ea58a480cc08639ef99203496b01cfd7f0344b4d9e123686b0f15d7dea35b195c0ece513715a91587871cab2f454cb92968048d45531e2614d427d0e184d5960dfbfbb4be5f9805356cc3459cc8c0317c260e084dd8045202bbcc93a2fda14d38191ee8fc44e0d007b264fc3cae778b6547330a2f738aad8c67302fe81625579f95b3fb773c588f9ef34216be8f3296c448e5acaa5c6e9ca892f5c57baee1b75c6c7ec641ea80de82895aceba40a4ebcd5d85f577722e83866b9e498ad1f14fbbb2431ed3920022f4aabc7d5017d4899911bc6d372e76c3e627333b18d7afcb64b059f76d2086f21980b9aad482936fa4967eedfbc1bf22a6c7656590cdb22c4884eee4ead1893a0883d02713f1c44a7b9c8957aaf8651414054780ff297e4e83b430bd922f53a2258853d9b4aecf2f0824346fa22604003e896ee428a6682885aaad95477c08f5412508639a6fadfeed8b408b866db08dd3f74c2ca9e6d860518dcf1c43b9681818d395f0ffe98522192ccf561f67e5420ba28cfaf1f03cca565d757444b7a1cade6321172a3a82d332fe4c80443b48f7dffc32384224ebb27dbc324b032e6a01385e0215f2714590fc1db80037d1f5abf8cdd1776844798659594f16e1fbb1e52a979ada0b780ca537f88f75ed72e57129ec74e44b6cecd1034d2758b57d75267563953de757667f8f0526cc9943d87b0682984d2ef8c08fbfe9c8fa7e47509a2bd7f8bfda408db94fc7937c1b624798db9fdd33e97f8abd7285e38cc102da9ac3596bb2767d7f7118e6cc4fff038ce89a3f1c07c681d3fd76dedb1f81682f6a3f054b243a88fadf1730dda4dd078c765a37f651fce773dc9477d34d4c0c97a017042bd2ecc6e45763963298fd6721c3272eab74944b02e130e78e067bc88d6cd9285dac304ea966226adabad752edb69ef63412abffd080cf3eb2fadfdc307e549341def1125667d87bb4801317807cbd04f1a503a3be7daa0b06a45518b20d5e6dba1e15dfcfdedd8c537e9a6ca93e5c5ac782e020cf9c3aebe3f6a235f274746bf323637e03b129e8f9c1a5241a2db97b2900ecd90eb2ebfddb68b72a226af46151529dd3d48ded35ef306c9ccae6f5ba217391db90497b92d6770e1b854c43981d3d4bce0923df3ef32aab37d6b0c20694748a1648e43162ee397085f5967943d9f08a69e17883e5ccd6e1409ac631a47adbe1ecb53363f625c8765631850a3a5f1a43c131ff791dcf8e35b120bbb56e952b0c6b15680b9453c4b85109474b7af86013637a0b056547303c8fc8bbf6380c764298673f00cff02226e0582eeba759de7259eebe1c1fba3958905a1475a0cffbc5c972b7e59787f8498b3fa94042f5f19e98d5d7aa7961261c3a6abdafdb58bc1e429a262c42f0a8363c2777a18d71e1cd62f4029a877c2831eb3dd270a6a445585f30716d6c340cf00f25427bcb912b722279fac0a40e034abcc61b38d5d8b9a7075a2dd72c4cc13c2e71e58e90942cfbae70d841fb08b3e9f39caf28b87c689a389f1c60f687a8a8205e5c2457347bdbf095d7f9583f777d58f10c19119108e94af991524ce03b1e41dab6ae2a54452c7f95f50af762412acdff1d24e76e4899de7eb4756c9a8091104be40511110b988bdc2e5ed7e442d84539a3766772cee1e750f0e9e084c8985bea07b1315c46ff3d777e7fde74cd29a356b256e1f956b5e6267335ef6cf645f0306118a183acc2aa10e64e1830856f6b4e56c7fbb79a4c917a06bf288fdcee99a733d60d8798fac7a8cc8106fdd7fb13f2c66de5901de19df3c3314d824c0472698265c2859567bec718fd21fc5724807bd2477d6094df30901405d758532bfcba1478f2f3fe8976e627ba3aaae73dd56cce404613744dcb3abbc435f1aaf9ec78011b2bebefe69df9b9056ac82cdcb24e17c75d681154daa381d5c4c0e6919fb3f56d6a742eeccdc8d6d7418d5cc7e928c070cfadf620bcb91187d17e605ca00a42a53214aa06a2f24de3788745b867c11dfa9995ab21e1600d913d0164d8dddbb2f75057fd38c36fe4d6a6c7661933221bac2c1d3e23a470eb749596eb235b3860ecb5fc4d17f7d5af90f56da2b766bbe5dfadcc8017d8122c8a91ecf8d678a289c1c05bdafdb6ac8f6c0658bc6cb7559d6be273ca3151f6b98c712924b85342de6dc7b40267d05c0fd2eb76eaec5e86df3335ce4b6eda66acb0852a35d25429cc254d6f0f3da5184a9d66fd648d86aa69ffd1af1241139d027abad2d113654d0e4bb237e0e741cdc543306e339627bee8b7bf71344f171f57153967c83bf204c9d35878ea43cec57435d3d80b9357baecdb46141b3646fba0032412c97b39dea75104fca99491850b1c90955863f95f230b21aabee295bf63447b212f6616b3f5652f15619bc7b95965c0b47ebdd9d9f4c4985941482264c231c6d1d5a7e3f9c046007139bdc9a97bd2d6d6c1b922785d484afe861b96ac5b0c2b75feb2f35ab106e0b9650bf40670f46ee4c53e102c28f1449f3dc25ea7866fe0def11846bf16deb8297307a8d06688014e42d81f15a9b0671e79e89e5381ff3fe1bceb2ccfaf70b6e280f57fc0b4c4e11a89a110baf1b7ecd7aba0b7abd7632d43dc0e24ca7077776aa9d9e9e01e196882dde5063bbae3dbc0197eeb04ff12c58c62a5ffba24bb3d54d8e306201c7901808c58b7d45c3743fd481ae3e2cb4b8e26f3f85d7c33e", 0x1000}, {&(0x7f000000d2c0)="d821c6ea5eaae0b409ed8081efd74894a64df5d49311e3b9f44dc0a6a5ee711815cdc5ec4ce1ca7fde1b42e8b42cd406a4c3f498f2e26b7561e61df475f38c7461f10f93c03bf2399ced", 0x4a}, {&(0x7f000000d340)="fe3f691f676db315d51473361b3752d9f6cf505391de49fd383713e568411455aac9bdb467c0197adf5c3cd9319c313795931c80122338e3d2756e8344a625b42fbf64d278884450c2efc71ae107ff26fbca43661ce3de4775cd2992397129f4d3d46fa59079c4b46a1e9f10253aa8cc213b7d5624d3717ddcbe9a08353c23652eb419c0bd0a37c9f429d4b3137e4997297ee37e9caead7ea89a068b12cdefd5a7988b3b359a2e0a1a", 0xa9}, {&(0x7f0000004100)="07273f9a9a6533afd332e702238f2b48a92c76c058ee185c12f2ed950cd7f1eb5ebe643d12555708c32a490799f4", 0x2e}], 0x5, &(0x7f000000d480)=[{0x10, 0x1, 0x2}, {0x50, 0x84, 0x4, "ba7843901b37f62f6224abdd95eba9d7353fd8d0ab10c6016889ed39d78157f9c8d8b338b71f7c1e2a9ab3cb0e6704f3a1bd79ae881291af4b2e7451"}], 0x60}, 0x0, 0x40080c0}, 0x4)
r8 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r8)

11:42:41 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2069.699240] loop7: detected capacity change from 0 to 40
[ 2069.775487] syz-executor.7: attempt to access beyond end of device
[ 2069.775487] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2069.777147] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:42:57 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, r0, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r2 = dup(r1)
r3 = dup(r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
perf_event_open$cgroup(&(0x7f0000000000)={0x2, 0x80, 0x9, 0x3, 0x0, 0x1, 0x0, 0x1, 0x20, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x4, 0x7f}, 0x208, 0x8, 0x3f, 0x9, 0x200, 0x0, 0x9, 0x0, 0x88, 0x0, 0x8}, r3, 0x2, r3, 0x6)

11:42:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:42:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:42:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2085.143514] loop2: detected capacity change from 0 to 40
11:42:57 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000000}}, 0x0, 0xd, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x8, 0xff, 0x1f, 0x3f, 0x0, 0x5, 0x410a, 0xd, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x2, @perf_config_ext={0x80000000, 0x3}, 0x800, 0x0, 0x30, 0xa, 0x2, 0x687c, 0xfff7, 0x0, 0x7fffffff, 0x0, 0x3}, r1, 0x2, r0, 0x1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="984ad8c69115a7209a000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r4, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0xfc, 0x8, 0x2e, 0xa2, 0x0, 0x3, 0x20, 0x8, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000180), 0x5}, 0x8106, 0x4, 0x8, 0x5, 0x4, 0x1, 0x6, 0x0, 0x1, 0x0, 0x1}, 0xffffffffffffffff, 0x4, r4, 0x2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2085.164037] loop7: detected capacity change from 0 to 40
[ 2085.200381] loop1: detected capacity change from 0 to 40
11:42:57 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2085.395169] syz-executor.2: attempt to access beyond end of device
[ 2085.395169] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2085.396680] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2085.406608] syz-executor.1: attempt to access beyond end of device
[ 2085.406608] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2085.408134] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2085.411702] syz-executor.7: attempt to access beyond end of device
[ 2085.411702] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2085.413281] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:42:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:42:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2085.552694] loop1: detected capacity change from 0 to 40
11:42:57 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
openat(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x0, 0x20)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={<r2=>0x0}, &(0x7f0000000340)=0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={<r3=>0x0}, &(0x7f00000003c0)=0xc)
r4 = fork()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
waitid(0x1, r4, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r5 = fork()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
waitid(0x0, 0x0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
ioprio_set$pid(0x1, 0x0, 0x4004)
sched_getaffinity(r5, 0x8, &(0x7f0000000640))
fcntl$getownex(r0, 0x10, &(0x7f0000000400)={0x0, <r6=>0x0})
r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000480), 0x20000, 0x0)
perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x3, 0x1, 0x0, 0xb6, 0x0, 0x7f, 0x489, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000540), 0x1}, 0x10020, 0x10001, 0x2, 0x0, 0x4, 0x7, 0x951, 0x0, 0x4, 0x0, 0x5}, r4, 0x7, 0xffffffffffffffff, 0x1)
clone3(&(0x7f00000004c0)={0x100000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140), {0x40}, &(0x7f0000000180)=""/113, 0x71, &(0x7f0000000200)=""/113, &(0x7f0000000440)=[r1, r1, r2, r3, r4, r5, r6], 0x7, {r7}}, 0x58)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:42:57 executing program 3:
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x80000001}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x10)
r2 = gettid()
rt_sigqueueinfo(r2, 0x21, &(0x7f0000000000))
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r1, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/usb_storage', 0x1e1000, 0x2)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="28000090", @ANYRES16, @ANYBLOB="01000000002b6289d02d174cbbcba7ef6bd70798d23d81d763eff65750194e847d9a5929dc1426dbe426d365ba4cb0859395f429f5", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
r5 = getpgrp(r2)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x2, 0x9, 0x3, 0x0, 0x0, 0x0, 0x10010, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x10000, 0x0, @perf_config_ext={0x80000001, 0x9}, 0x200, 0x7fffffff, 0x64, 0x6, 0x17, 0xfffff1fd, 0x5, 0x0, 0x8, 0x0, 0x4}, r5, 0x1, 0xffffffffffffffff, 0x2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
perf_event_open(&(0x7f0000000500)={0x5, 0x80, 0x5, 0x9, 0x3, 0x8b, 0x0, 0x4, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x0, @perf_config_ext={0x1, 0x5}, 0x29, 0x6, 0x1000, 0x5, 0x0, 0x7, 0x6, 0x0, 0xf8, 0x0, 0x1}, 0x0, 0x7, r3, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
waitid(0x1, r5, &(0x7f0000000580), 0x1, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

11:42:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2085.636267] syz-executor.1: attempt to access beyond end of device
[ 2085.636267] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2085.637856] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2085.658629] loop7: detected capacity change from 0 to 40
11:42:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2085.778238] syz-executor.7: attempt to access beyond end of device
[ 2085.778238] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2085.780009] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2085.805495] loop1: detected capacity change from 0 to 40
[ 2085.911620] syz-executor.1: attempt to access beyond end of device
[ 2085.911620] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2085.913580] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:43:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x2)

[ 2102.159426] loop7: detected capacity change from 0 to 40
[ 2102.172686] loop2: detected capacity change from 0 to 40
11:43:14 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000300)={0x8001, 0x101, 0x0, 0x6, 0x5, [{0x6, 0x80000000, 0xc1f, '\x00', 0x500d}, {0x5, 0x3, 0x81, '\x00', 0x1a02}, {0x40, 0xffffffff, 0x1}, {0xe35, 0x1, 0x400, '\x00', 0xc80}, {0x7, 0x26, 0x1, '\x00', 0x3880}]})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
sendmsg$AUDIT_DEL_RULE(r3, &(0x7f0000000900)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x3300}, 0xc, &(0x7f00000008c0)={&(0x7f0000000480)={0x438, 0x3f4, 0x10, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x38, [0x5, 0xfd72b2c7, 0x4, 0x5, 0x1, 0x200, 0x4, 0x6, 0x8, 0x9, 0xfffffbff, 0x1, 0x6, 0x3, 0x8001, 0x7fffffff, 0x7ff, 0xf6, 0x2, 0xfff, 0x788f, 0x7ff, 0xc96, 0xf0000000, 0xffffffff, 0x9, 0x10000, 0x6, 0x4, 0xab, 0x9, 0x4, 0x721, 0xb03, 0x0, 0x9, 0x4, 0x5, 0xffffd85b, 0x6, 0xfffffff9, 0x1, 0x4, 0x5, 0x3, 0x1, 0x7, 0x8000, 0x0, 0x7, 0x9, 0x0, 0xa74, 0x80, 0x9, 0x8, 0x0, 0x9, 0xfffffff8, 0x7fffffff, 0x6, 0x8, 0x1, 0x9], [0x0, 0x0, 0x1, 0x5, 0x6, 0xbc84, 0x5, 0x6f71, 0x9, 0x0, 0x8, 0x1, 0x8001, 0x3ff, 0x0, 0x3, 0x7fff, 0x2, 0x7ff, 0x7177, 0x6, 0x8, 0xc61f, 0x9, 0x800, 0x5, 0x3ff, 0x0, 0x3, 0x3, 0xffff, 0x80000001, 0x2, 0x6, 0x3, 0xee13, 0x0, 0x6, 0x1, 0x2, 0x3, 0x900d, 0x6, 0x5, 0xfff, 0x4, 0x0, 0x2, 0x80000001, 0x3, 0x7ff, 0x8, 0x8, 0x9, 0x1000, 0x323b, 0x4, 0x50000000, 0x6, 0x1, 0x2, 0x20, 0x8000, 0x1], [0x3, 0xfffffffb, 0x0, 0x635, 0x9, 0xc21e, 0x2, 0x80000001, 0x2, 0xbf55, 0x1, 0x7fffffff, 0x3, 0x20, 0x7, 0x0, 0x80000001, 0x5c, 0x6, 0x8, 0x5, 0x3, 0x6, 0x8, 0x2, 0x6, 0xff, 0x3, 0x9, 0x4cc5b685, 0xfffffffe, 0x7fffffff, 0x7f, 0x6, 0x0, 0xffff, 0x8, 0x3, 0xfffffffb, 0x5, 0x0, 0xffff, 0x9, 0xffffffff, 0x6, 0x9, 0x2, 0x8, 0x8001, 0x8, 0x9, 0x6, 0x1, 0x2, 0x80, 0x8, 0xfffffff8, 0x101, 0x0, 0xffffff00, 0x7fff, 0x7fffffff, 0x3f, 0x80000000], [0xe67, 0x3, 0x3, 0x6, 0xfffffff9, 0x7fffffff, 0x9, 0x101, 0x101, 0x40, 0x200, 0x7fffffff, 0x80000000, 0x9, 0x1, 0x4, 0x1, 0x4, 0x4, 0x9d3, 0x10001, 0xfffffffc, 0x9, 0x9e64, 0x5, 0x5, 0x4, 0xfffffffb, 0x3f, 0x7fff, 0x6, 0x2, 0x80000000, 0x3f, 0x5, 0x8001, 0x1, 0x8, 0x0, 0x24, 0xca, 0x1, 0xa02, 0x0, 0x101, 0x400, 0x0, 0x0, 0x200, 0x10001, 0x6, 0x2e, 0x80000001, 0x9, 0xe25, 0x1, 0x1, 0x80000000, 0x1f, 0x4e3f, 0xfffffff8, 0x8, 0x56e6, 0x400], 0x18, ['\x00', '/dev/loop-control\x00', '\x00', '\\\x00', '!\x00']}, ["", "", "", "", "", "", "", ""]}, 0x438}, 0x1, 0x0, 0x0, 0x20044010}, 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:43:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:43:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:14 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:43:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2102.194852] loop1: detected capacity change from 0 to 40
[ 2102.337266] syz-executor.7: attempt to access beyond end of device
[ 2102.337266] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2102.338867] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2102.341194] syz-executor.1: attempt to access beyond end of device
[ 2102.341194] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2102.342857] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2102.346543] syz-executor.2: attempt to access beyond end of device
[ 2102.346543] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2102.347968] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:43:14 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc6171c1757c9d8ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x8000}, 0x0, 0xb, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0xff, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syncfs(r0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x20042, 0x94)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:43:14 executing program 3:
shmat(0x0, &(0x7f0000ff9000/0x4000)=nil, 0x2000)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000)={0xfffffffc})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:43:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2102.524523] loop1: detected capacity change from 0 to 40
11:43:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2102.595904] loop2: detected capacity change from 0 to 40
[ 2102.602941] loop7: detected capacity change from 0 to 40
11:43:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
rt_sigqueueinfo(r0, 0x2, &(0x7f0000000000)={0x3c, 0xd0, 0x40})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
rt_sigtimedwait(&(0x7f0000000140)={[0x2]}, &(0x7f0000000180), &(0x7f0000000200)={0x0, 0x3938700}, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2102.725073] syz-executor.1: attempt to access beyond end of device
[ 2102.725073] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2102.726499] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2102.834083] syz-executor.2: attempt to access beyond end of device
[ 2102.834083] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2102.835432] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2102.846401] syz-executor.7: attempt to access beyond end of device
[ 2102.846401] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2102.847699] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:43:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x0, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:30 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
rt_tgsigqueueinfo(r0, r2, 0x9, &(0x7f0000000180)={0x24})
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff, {0x8, 0x1000}}, './file0\x00'})
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000240)='*\x00', &(0x7f0000000500)='nl80211\x00', 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="a0010000", @ANYRES16=r1, @ANYBLOB="040043bd700002dcdf250f00000008000300", @ANYRES32=0x0, @ANYBLOB="0500d5000100000088005a80780001804f0002000d290744445b211b32010244281a03554047103a1936534931001626004f4810204b484702310854463e34384338311a311e2a44381e25404f5148264b40211f0e282257561f09093356520005000400000000000500040000000000140003001f00f9ff0008050007000080040002000c000280050004000000000006009600e70a000074001501f6d9f1745bf29d1676a39c9e7ce1413dcf91f677d228827007b526c7039bdba7ec45876994b05b3d53005280ae49c3977619b957f1aed5d977ab2909259c12bb3885b724de6bbd136d0315399ccd4e5dfdd71b9d4092dddf66583ed2a4f6f43680c7c043aea520b5b05664de5bd42b7b08004b000500000008004a000c0000001c004c0006ac0f0014ac0f0009ac0f0008ac0f0010ac0f0010ac0f00080035000700000008007e000200000008001b80040003002c001b800500010001000000040002000400030004000300040003000400020004000200040002000400020008000c0064000000"], 0x1a0}, 0x1, 0x0, 0x0, 0x20000800}, 0x40)

11:43:30 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:43:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:43:30 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb8, r3, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3ff}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3881}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffff0000}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xe}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x24, 0x5}}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_L_THRESH={0x8}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xffff}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x20}]}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

[ 2118.622336] loop1: detected capacity change from 0 to 40
[ 2118.638061] loop7: detected capacity change from 0 to 40
[ 2118.638428] loop2: detected capacity change from 0 to 40
11:43:30 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2118.824908] syz-executor.2: attempt to access beyond end of device
[ 2118.824908] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2118.826457] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2118.845653] syz-executor.1: attempt to access beyond end of device
[ 2118.845653] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2118.847161] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2118.854581] syz-executor.7: attempt to access beyond end of device
[ 2118.854581] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2118.855961] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2118.908120] cgroup: fork rejected by pids controller in /syz5
11:43:30 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x2208, 0x0, 0x0, 0x0, 0x0, 0x2dc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
gettid()
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0x1, 0x1, 0x4, 0x90, 0x0, 0x3, 0x2, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x6, 0x1, @perf_config_ext={0xfffffffffffffff8, 0x5}, 0x1, 0x3, 0x8001, 0x0, 0x5d9a, 0x1, 0x8001, 0x0, 0x1}, r2, 0xd, r0, 0xa)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
ioctl$FS_IOC_MEASURE_VERITY(r4, 0xc0046686, &(0x7f0000000300)={0x1, 0xde, "74269b01fb0141516ce7cc29acce41a40efd7fe997c2f3d299674af2e68fbd7b1f428129b12a3b08f05e6817b8c557f9d05119c2ae465943413ac9445fe68547bc7566dd8931ead07fd257c9056aef81f777a42bbd6c241db499a638d100f49ff1d0b8611fcf11deb3d6fbfa4b7db82715276fa4f7c8f4eb6bebd8203861940f3ecd7c8647fb11d22fa1fe1c86d25f381b4d5b247cc8c5d7dbb7a72d5d1031035337a0d27ae8deb64685be76047b027388e588e84c584edcc4ceb569cb518a556893d77ac2f82716358f277a0a500d4e74c1a05e82d5fd37d8d365d176d2"})

11:43:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:30 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2119.121467] loop2: detected capacity change from 0 to 40
[ 2119.178251] loop1: detected capacity change from 0 to 40
[ 2119.184909] loop7: detected capacity change from 0 to 40
[ 2119.375020] syz-executor.2: attempt to access beyond end of device
[ 2119.375020] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2119.376941] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2119.407575] syz-executor.7: attempt to access beyond end of device
[ 2119.407575] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2119.409044] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2119.433418] syz-executor.1: attempt to access beyond end of device
[ 2119.433418] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2119.435508] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:43:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:43:31 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x96, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1842, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
perf_event_open(&(0x7f0000000300)={0x4, 0x80, 0x3, 0x7f, 0x49, 0x4, 0x0, 0x7f, 0x20040, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9b79, 0x2, @perf_config_ext={0x3}, 0x2008, 0x94, 0x101, 0x0, 0x4b, 0x0, 0xb5, 0x0, 0x19, 0x0, 0x7fff}, r1, 0x10, r2, 0x1)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r4, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_WDS_PEER(r4, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)={0x7c, r6, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0xb87, 0x2}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @random="4158e1aa0a28"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @random="6cc70f983c69"}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4c801}, 0x20000000)

11:43:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2119.587499] loop1: detected capacity change from 0 to 40
[ 2119.633685] syz-executor.1: attempt to access beyond end of device
[ 2119.633685] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2119.636017] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2119.651419] loop7: detected capacity change from 0 to 40
11:43:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:43:31 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
openat(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x0, 0x20)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={<r2=>0x0}, &(0x7f0000000340)=0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={<r3=>0x0}, &(0x7f00000003c0)=0xc)
r4 = fork()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
waitid(0x1, r4, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r5 = fork()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
waitid(0x0, 0x0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
ioprio_set$pid(0x1, 0x0, 0x4004)
sched_getaffinity(r5, 0x8, &(0x7f0000000640))
fcntl$getownex(r0, 0x10, &(0x7f0000000400)={0x0, <r6=>0x0})
r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000480), 0x20000, 0x0)
perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x3, 0x1, 0x0, 0xb6, 0x0, 0x7f, 0x489, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000540), 0x1}, 0x10020, 0x10001, 0x2, 0x0, 0x4, 0x7, 0x951, 0x0, 0x4, 0x0, 0x5}, r4, 0x7, 0xffffffffffffffff, 0x1)
clone3(&(0x7f00000004c0)={0x100000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140), {0x40}, &(0x7f0000000180)=""/113, 0x71, &(0x7f0000000200)=""/113, &(0x7f0000000440)=[r1, r1, r2, r3, r4, r5, r6], 0x7, {r7}}, 0x58)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:43:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:31 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xf}, 0x0, 0x0, 0x2000008, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:43:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2119.869102] syz-executor.7: attempt to access beyond end of device
[ 2119.869102] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2119.870518] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2119.873049] loop1: detected capacity change from 0 to 40
11:43:31 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:43:48 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:43:48 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:48 executing program 4:
mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x40, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r1=>0x0}, &(0x7f0000000040)=0xc)
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp(r0, r1, 0x1, r2, 0xffffffffffffffff)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2136.351091] loop7: detected capacity change from 0 to 40
11:43:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:48 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x200, 0x0, 0x8000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300542e614bc42ce9a3f783b47082303f16f32348bf5bbe9093b49dd7f01ce99a090f857c312796a7942f5cee6a5b80e000a171c300a4d8eba3806916bc6fa0eba905fd536880f4e69d7dccd019f73f", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:43:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:43:48 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$BTRFS_IOC_SNAP_CREATE(r2, 0x50009401, &(0x7f0000000300)={{r0}, "663c6c69714e68ae7110d83fce02f97548e7582409a5f49e26bdfb9c72355b0ca030760b49b990dc15268bb5edc364e9a1f8d6e6d614939c96abc2b38712f4bde3725e12e1ed748665a2aa0b2594ba3c71d002f19faf9117917c35ac3a273c664a4ff7909c2f8d5f10eb86560867d11cf58c06172f8339f52796082c516de16bb2e142b07dfdfcb3996e49f1940ddc44a01130e1ffdc508179960431471674009e78c0d18c121b0025cde7dace954b7be05a8cffbf5338fee928b8a612426d66684f5d25f2c46b7787c522ef8ac3f8d9d807da113a57828459111722133ec14604a096f318c471e10f79398204e74912a752fa650534465e632e9fb1aca6d95f2e59aa4a5a24b767696d8d7b8a887f10e99e420a0ae2e019b52ed3c35366008ee7b18b3389b273d2c3600b750af5d1e7d9f706176f542b0c8cd0f572ab6b4faa364083d45aad6e603d1cf721dbf0f315d5fc48d67f0ebd6906e04e5bb2cc742bf1e27071e3b14d81127d65e4d13bc02d42482b446531b716b8394b6f5d368411d357de3430b84d59bcd2803d491d2a8c6620e8e85d951eeb160b1ad9a0d76a908744f95448b2dc86b1734b197e20dd6d5b5088772d8b29dbe3dc5e5d035c02f70f8e9eed8a62e6fc377aa0c33849ffc512f9f63f31cba9747754eb5f15d6474a31c1fc4b9b3ec798399dddcafbc18de86db666b82fc9fef311d5d4d4365ff60309cc5011a6fd1d3ded72a7bbe3c10096a017cd48674fb4b41196f93145e4b7f3731781ea359d43e6e4c8525189276e18c8d5cf771dbffc2e1b8725ca3b6c763cad18aef1d4f54650be195c45edbfc49988ab1ec3cfa6bf91ca747b16f9c5fb5a524265b925e8bd2f79de1f1d5eac41bc124a067a16d74f733f0e19d8192d48615eb95475fdf60dcc3d44ef3832c21f2609aa3db448c355e4047f8607503ddb0dffc433c9d5d21c838ec0173f6d5b14db6089359803daca6e02e71f8641bb8727bc52e025a6bbeb39c7693366c5d479f78415a6cd71c4580d933fa6f2311ab4b1a654a9743d2d7f43e3c0467f6df11ae85b62a2fc27ecbf402e3ece24e170c12b612d87f2cb4bc924c1f8b0a26a81dad65d95cb0f64defb0765a518b9fd502769e6fd3cc00cd3c73c79338583f53ebe8ffb4d29bc42b8229df7fcea668f4a6e72b85ec9e83c8fa00ba754092ab1847f1d8ea77eb3251b53a97e5dcb09ebc71ef2f332f578e7870e29fe58ef069e79d5e4f8944d6f9c0501725d4da173845e3a296d9e7d902c89aa12d34b8324cdeb14215865d0c3c929029a9c32b79ba3826d56668c7e9762b7249300fca062f84453b109479bb2d8933b2264dd1bc90be18605bed0fa184a515cddeb68cbf1c102e8c970e89646565dd2a37312d9909c4ae64d4e624ad686bf1d15e0147df00f5ba71bd18f3c07095b19964ffe99e657d781a12c55b6ebaf047271b47a584d45bedd1c7beaa5b57ef426ad011f56b4ff6c78ea65fb8256724bdb328206695102fd163a62dc3d6e8cb6483e9065939b593d88f050f798c5fa09515c3ad4c6e5271d33db291e17f8b13a82b1e17c294089a78888eadfb924b14358411b2518aecbec5ebf0ac07b5dc89b3b1fbff88935eb566c49fc7a7f830de0ebe63aaf9f2b9af27702fe3c159b5028b8c69af915be914427c1390656a5b90f79c0b4f977a45b681bf501844f4e3e2148ee087c129928f49ea5f36f01c09b95c2b50083fa7a754d9d984fc54b10f099c49beb0540e41f09634683c45d943c642a0fe8634b0b53bc70eff78c17929adca32294661bce2eea69a6df055812d926dea756663d06416cb2e12a61eebac579727559d4009a08cce6996f5c0f4c70692eee1734861b887864fcff0bc9f31acb596e7229f89a6bb7aebd8e0c517a9b0bfa2cfed7e4008d7425e452f3f4c0b1ba4a7f9a09f9a855e9489409b011e2447b5e44aa921e93c1647ee51db5ef1e03ac4bbee734de16fff35544bc468088318fd7b553457b7f73a9e567962536c13b2f7de3e224152e7609652f61c725512af134601ba423c6431061b669b7b97cc00cb9f81d7f03636b795b0f27f7fd37d64c4b4646f882b112fed9973a41de9ec59c081f02a2f67ed9b0760a36cd56779a9aac98e76f2a0ecf332bbbab538826bd3ffec7429ffeef8ec013d67c76247949be6fa31e34c91412819b72ee7bb831a614494285723049e8c87171b22579380b21565ede24c5c19df196568105a265aa430da100f0c423656ec5b35e49e14fb238e03a83ef1908f612d2804ccb135bd5b5a2492a98bd3cd80f15513a08dea3c5242bfef9f3563e663306c47eaf668fd76b295f6400461d003a4ee3e1a00b616adedfcdc45085e113162db821fab40c3e79cd681ae6e1d5bcfc9a355f2feb31cb8d8cb8b8a90a3d4ca9e48f4e78c0d68cada316dc44e4ad6ecb984b9523dc6abf184ed41d362ece4fca3965d0a355c5d2116b0a3ed02d6d077e47d511b9c4ec7eb18342cfa1ce917150b275474c68a6a052614691fc2dbb52f7f565c202f841363700b2c0b9445957a9b5155bccc5629b92ac781f31cdf108b1278fe2ef3b53c768c949c67feca5968560c136fd3569d2cfbd42641e09e4cb0037191bdf9adec9d452f5044cfc18dfd55ebd4076dc7c2b555a74a09fbd48f35fb9b285a5deec81b45cf8b0689fffa88bf140b229c2a41d389a84d2fa8d5e0b4ccd75208dfbd7f805594094ea1ccf9664364eefaa94262cc34d51f6bdebf098c1d3bcc47274501839a6cc3fffe76e4ae1e1ec2953f09cec150d26c1b2516026953eee3f5f5b0452ebf24da9fad8a512ecb1b6018442df170ad63508fc4d2ec1a50ef5ab512b8755aac7bf50ba4fa117ede6defb487b001cfb956667e5d0449ad77f143d6c9d9397d5b27ceab5c371ccb4ad5f1c7c7eb94eef2f1d31c41dafd3b2b9dd0d58039bafe7d8f370a2e3e0efe24861d1c08d01f0cf88cbecbdfec5550d90978f8c75cf047e67a5b18e2cd918f7bce36da306571ec89c9495033b8ad8f3acda3464f0263a9bf979a86ab3d0ca8fd2a72d3dd68400caf6e26ae0b187c71afca3662c62cdc6749778a998bb2a4fa1a34e7bc2f3a51a06a65a30590e813e5c189597d1fa475e0dfdd04110c5e1036b421f87d7cd4a05bb83d064fd3cbf7d5f321cf507f7b6c11714071a17f1b8932c59bc9da5ef32707b4b564eef18d9df60d093560de6acbdf6d89b868edd6044ef5d2fef605e6a002213e1a531900c9db122450ee67a468da8b44d0f72221cee7f66cd8dfd432a413aec8ec1ce63313d64004383f8e73ed19cc44d545f926c7a0c178980621ed6ac1bf117c49e10eb5f36b75a1b95ad0cb37312576dba4f6f150883d7e4f732162265c4f9a1df4a7fd10e5c7ee665e43c8f1e7a5d4ed95d92348d0808a7f9c78cb8e71319ab765bbc81f11fb49669919eedca14bc615786480d28dc32a19b96349d84b6fb96b37d872b87babe2e15a1bd7a6dfcaba62c71ee579c19580b734d269cb9819e6fff58b941bc1dc7c466c34efe62b3343803fce54b6ea0e545b8ac14ef5b9ce701a876fc0560a27a4a997ce838c9bbdf416abfae3e16aec03eea3413700b47ce58727f762217ab22a164b177a3a7ef53e18da0daed7f9e4c98fe83665c9acf75ff61d248b22c6ea62de8029515338895899974751eee1b02c7c5d8fe49a8d2cd49a18d54128802c3daabe9738174da42d2133f27d84514b3a39796c90848d97a3c3effea47951dc044828bcaebd4e2afaf655016337f6e79fa641e322cbf3cac216b893145ed6b1561aa94777391db84bb8e564a9eca53f075246b816e759501795f1cdc559ec06bbe166b9bb20529678ac38d967fe86b2761346dc085160291aee2b749e104774dbdfc9988c196332a0823d0224813634b059beac419f4441e14ea8bc4ff47120611a785728986d44680bdd3c69da8af1d3d3e3e97eede24ec3850ebfd0a56ac4691383193206ddc89df1e5482e1643732f96eaeb632277753511d4d1d3a209b935390b5457e71a1e98df01a66750be90c4c1c1b7210608ad684a17354d5ef82710fae7196f42143595b2702d24370b7f2243815ea9694558074631fddd9fb8a22991dde2471bc95e9ec5f5bed6aae62aabd87accc05d763a37e12978e7b33c2f172e1a3f0cff00c900cb4d8033e5c76eb777f80419265a99f22cb79b68155256f8622311ef480cc03bcc8cf31e4d975a463f12c8e0077ffca46d5435ea4db67518d4670fcde0074506a0b74ebd7e90c1e4784885270d5afdea064df511468c7fab49639d88e2db1a6759b3298ecdb79b3a2a7db23f63f826bf9fd44fe4e5867de33dffbb904ea8aca19a93e439a23aeb7badf5ece4da10c4b8938d7953fff2cfb99bdbdac19e55bb0574e02988cdb05e04bffa4a4a11a59a29104ed1fc7178633a5c905533ccc3fcc40434fb16a84afc05c44c1e1a13cf09ccbda9d24e9ee925957d5afb99186e8370d143d0d5c774723211d843bbf4031954bbea70d1ad8549092c01cc1008d6cec3df287b67d96368ab64ae0ed99a1bd56329a08eb8b4020509761f301b56ca77bb362f352fb9609c8061deb3966cefa0941bbb317c60199ba26eebb1863e326ae3097ec76dd125461b6ac799dbb1aac95bcf33cbad842fe6dc9dbfbfbe34b596b6cf7af7d1c67583c1f1f17a74d242e2b0692778836ac4637ca0e438d291fa70d2e8694c3e7ba80c812a09f81d0067b38acd0f31f4711716bb45368206480cb156e595a20a8a34a31978482d6a05e046f9be21202df9ee21788d1722d2b7560d96065cb8ac87735c371e460f33260b8771c2c41590716ca41f88dd7e24f7dc6d0ba1f5c7f8921218bc8058ce1e009da39545b32782df80a9bb3d76202ac602abf8565251d1803e4a0adae322d218a64f18eb0465da5ff08453827e0d50fdcfb187d346c4c5b43334489ad4c8a960bec1cded340cc4d86b9a2e6e4415df6fcb7e7689ca91dc529ac5741d2bac1efc687a4c0c72567aa9f03c643599d488dc8abb84995f67a164f2e76ed4a1d8e608ceb7c37e6ad30d341d6df5f503e0c281a28ebf4d6c45c61ac51a929f79c440428eaeee272e4389f4e0b0e0f839d7d814457e64421bbca085330b8f03ca6d8f5145e6c794eaa6f88709dffc7d05c110452047a0bcd7bfedd585284bf63f5686dade05ad7a4641ae32f5568a26d9d64debc2ad1215a6fdb7db6ce8420575c24835cc94f0892b49c7eb51cba4985b1a6c73bba318757f3be5333d9559b587b041d0503bcc37284ec359e378a69b2016ef96156a435dd61b1e155bf648afa0982110079c6f31b59563bed9d8a193966de107e42fa301ce09d4394a9dbc06a1f009e289102a610a9c3f51aba3e175e93bb4e5cb3c597487da3fee029ba10244736ea4b1edd53528082bb37a0c6d8e04bd2fb08089edf2a38a8c7dd09ddfc4a89a5da232469a6a7ed8b5efa667898e410ff272bd71a85cee8c24bf3b0c1ba882059982eda13d980db940d07c1f994ec3789244f80cb6329ccc7d6e1adbc1fdf78a935337d0b0c8256b2ab24901c9302f11e8814bb0fe16b684bd464f8670842ee6e6a59f5d7a11479b7edef2282d88877c1a54f7138a863b35d3fc9e6b43ecb5c5204ccab55149959d35c354a61270d86a7797edf63218ffd4c646a62a96ec9a634ceb2d872d0763769c8ac96b8f261dc59ffd8d033e64f9be2775d796590a61a47e7eab8975562940e954e305db2236ccc61c9e71767cb2ec2c6daba67ec498cb545b24e41"})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x0, 0x1ffffffffffffffd}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(r1, &(0x7f0000000140)='net/protocols\x00')
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x2f, 0x0, 0x8, 0x0, 0x6, 0x840, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x6}, 0x201, 0x9, 0x5, 0x0, 0x1, 0x4, 0xac, 0x0, 0x4, 0x0, 0x8001}, 0xffffffffffffffff, 0x8, r3, 0xb)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:43:48 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2136.392982] loop1: detected capacity change from 0 to 40
[ 2136.400396] loop2: detected capacity change from 0 to 40
[ 2136.533378] syz-executor.1: attempt to access beyond end of device
[ 2136.533378] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2136.535048] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2136.546495] syz-executor.7: attempt to access beyond end of device
[ 2136.546495] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2136.548050] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:43:48 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="01000000508c401d00002b000000081f0300890dcebc990ec04fbb5f2bbfc9fc5a71bf643ce8923780301adbcdeef1a6fb0897ef27ebe16dbc2dafa8a6415b1576b373c76a76cb00fcde9ad9230248976b152f8ca13038fbeba071352f6204be619061de6d3d54d5ba565cb3585b38146432647d4dd777aa5f309c49bf359e851a6ab23f14ed17e4407dbf181ec45f659508ff65675377d3e35fd9665e6d1f6074e7b942a3f41d6803c368aced42a4fdaac6bd0b4b1643ef73e2e39cd58d6140398037509983f0ec50cb7f919ca2005e284f90bf74415cf9dc5741023423a1ad5cb647552fe544ef8ddecdbe75f9b14af850b2bac61247cfc0f14bda1f5bb59b2ac405b6bff62c1d38b14c4a7c8f42baf1aa2b66cd84665b43f63055349c365a6982139e21baa3f76ade8e0077846cd8bf7dcb85d2efcbc79cb62df779057c3604329310c5274dd299d46b561b16d8e827e49e865d17a5f6f8cb3cb9dbdb9b1e1470e2f48ca031402c467366854c30bfabccaf0a2394fc50cd9829a8b8228f3e8743d118ec5590cc0a989c7555607fd59479ce283544cf7fe8bf4526a6eb7e1d748c5dcda0f9c437fa5cca26e056265d1fa25917993ec92798974f16b142e3eb5013de88ab4a1c0a742584aab339066ef6e90c420f0024e32e44c3493471c1eb798716715c0c", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x280008d0}, 0x20000080)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
rt_sigqueueinfo(0x0, 0x2a, &(0x7f0000000300)={0xf, 0xe3c, 0x7f08})

11:43:48 executing program 5:
getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000040)=0x14)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x6}}, './file0\x00'})
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x1, 0x0, 0x4, 0xb9, 0x0, 0x0, 0x0, 0x5, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x20, 0x0, @perf_config_ext={0x0, 0x6}, 0x40010, 0x3, 0x3, 0x6, 0x1, 0x6f50, 0x8, 0x0, 0x5, 0x0, 0x8}, 0x0, 0xffffffffffffffff, r0, 0x9)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x9, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2136.589552] syz-executor.2: attempt to access beyond end of device
[ 2136.589552] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2136.591107] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:43:48 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = fork()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
waitid(0x1, r3, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000500)={0x0, <r4=>0x0})
migrate_pages(r4, 0x8001, &(0x7f0000000640)=0x2f, &(0x7f0000000680)=0x8000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000580)={{0x1, 0x1, 0x18, <r5=>r2, {0x8000, 0x5}}, './file0\x00'})
clone3(&(0x7f00000005c0)={0x80, &(0x7f0000000180), &(0x7f0000000300), &(0x7f0000000340), {0x1}, &(0x7f0000000380)=""/76, 0x4c, &(0x7f0000000480)=""/109, &(0x7f0000000400)=[r3, r4], 0x2, {r5}}, 0x58)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r7 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r7)

11:44:04 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:44:04 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:04 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x40012, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8000, 0x29)
ioprio_set$pid(0x1, r0, 0x4000)
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000000300)={0x0, 0x0, "ef9cdcbdb081605e14a2601c666b37fab449cd9ee1ed63bcee55465cd9e399e5979443cf5d5743385cb655d10e624db073addc1b4666816357875e05f89643fa4dc1d7a427689baea324b22cc33eeeb3200da545f2602257e3af673ae59d8bbfd5ceda24bf016b9f5c8b4bc91c853b3be4a857185648a78a65b049ec1cc8bcab63b495d51dcda3f983b30636a82b56954efaf403df424b713a8d654dd9265cde9ce1811f13e8ca257ef4c584cc93ee75ad76bb723fcb0e598cfa64b349669ef9b5fe1ee76f31a54f6803391deb781f1e87301958e56fb771b0990527faa362a0a2c624463fe5527ee49e29a40f006917b64689d8196225fa7fbfd5af237a9143", "2408f86a6cfd1526919cb7806bba706ac9b44a5d08f4e0479103bf5a0afa14a1c05429f892b7677a41aa0de054f56dd99be71bf1f95efa06d61781c799871f9a615caf2c077437786ecd2b1dce2755afe9236940f7a754d4a8ac432a13fba72d8fbefeef642b1e76dffbd1fb66e31a398794532f61392d93a2acd17dccd0efef2eaec9aacf2df4d9100408bad7b84b845a4f55bf831b01b6ee4718468748ce3796815518297c43b740ce47a981d4b1dcea12af6ac79972a3c05c85e05d751e9498834d33d349875bf0e4e376d14b004995b90c473e920521a6a3eeeccb4aa827282347976a9c1b135e6a8d39e6ecd64173ece944f1bb3263ad335e3ee2436a77e43a40ec323cefcf70c49b7e79ea8f1b519a524fc093b985d636a129039f0ea03a4ed074a73ce5f4f19b61f12c71e173e6cacdab798c29f8941483892f468b732281b4a2e92282478db6986c7607860d8d44b84cbd7ee027c85103000c6a0412606b84c8559907703b14e33edf5dc9460f7c21badeb9727a50c294b693fb27ea96ded88b8c178fffa105fa81f07aac0b3595302c01568bf9d1a64703089890efabc2ea0463a7cd2d792c35cb6794ee142af6a3adfbd9e37d9cdd59067e4fafd69ceb7e4fc753e43bc04698c1c406cc37eae02ad79983927477b9a08fd985e1d567635c06cbf1993ccad2f9843bc63eac066b6fb9d2f80269ed84c76cd6c76df5555bb60fc2e681b62f4121d3eb59ffdcb6af489a792ca0a219d76294337708768a823fa1b7c4ccd7714f55c0b133b96785aa05412441420def95fe0194f29528b3cc1d4b9017b5cd07947d9b4076cf648d84a6ae22a9f7326a0847dc80544baa1686ae254ad3a471c47fd16eba7dd4cdc7abc88cbc36e19874fa6eee39f3fe8a9a3874b3724533b4245da3e9ac00d5c3d1b2d0d1e9861e651723cc940910140d68e5c137a139cefac7fdc4162b5d4879131503e1abb77b75dabd5648c70ec27dd328e608d91a4fc2796ed9c0ea9989366bef1bdf88f4e787e891c36592b4f5fbe5b38bfa048e5da3788073784824093c25bc22df21cca78783e21880cc0afdd42d5c84983515af4237352e484188a3580805c67ea835894113b4217f480aed976003e31ce300889186fd4d33df33c09e2f97ca7e34bde5737a5f3c210a595ae18acd4270dd4055a0787ccfe4ee6a3309149c110f07c37a630165d25fdeaaedb49ecd71d9eb127868f60587c0c710709c4468d56fb804587ba766a9d50dc91d0e1c971f70c9a22bd334d5ec9a5f1a67e55467e4ed409b3dc7c8a8e7d22f3874f7458655baf36cceab1bb08f429c8f1da25220327fb68161974bcafed1802f70a8e497dd587bb328b78abdfb36a59054d1f9f5e3c4c14c94a0850e256cbc11832015437aa8f617f4898de313b4df3ebf2a9116e08d5090882f49c0837b10d814b5fe0fc08587effa21b3b8ad7f15bb1e27cbd109807219934c20913bad98f05e3f4486548ed28d704a88ac76e6851541d8788bdb7d9f7675ff4a278c27b9c10928018c9d956fcdf9af4574e377e74906614df9871468e0a942253fe9a5ab5c608965cbabd3f58879aaa42238beb8de87a463e667ea068cb4923f589aba38d086fb1f840a8d3384dbc9cbfc265a09c730a3b821d844b10caf1a6933d7818cf5421ab172b37405f569455c45432748ff9c017ceb347863eb9e38b4638c1097e73a332901457c525af326171d38b84e54fd3753ad24998e5d4c9cb2f8ab3529a41aef0a6ea95509f500b9fd28f7d16d92d455d2e515642f157d0bac59781cc4f44c2710534e82c71f8b4f2d0ed6aed9585127ca02f16c3d0365d4de0a01758ed738f250b1d9e39ac2db0cbafa5225472126c92e6066dc82b91559dc4c11089a7a11278c0385e00bfd19ed7fbea0d44bc2fd2ee4236cbf6217557c915ef5b081e51e34bdd192bc291823e17854882a2e4fb4688e2c4953097fca8d5fc6a181c9a676e8a847024beb8e1d3b8f8c8c7aeef86eb692e9023f4b19f75629071d31b464a8bb71fa91b68406ad28963817c5ecc0ff57b7c381bb3880596aab2ea522d236b33acfeec5208adc53953e3b24532008847f9cfe70fd80abd69a8cc0f246826c6319cf731eee3cb93180729f930b4f918a6f56ee5ce9f147bcc961e4fa270ae28919db289f09d0fdc099bb3c9c14ace2979f4842d2040328b7d7192bdf57dd490135bea85a6d1f65baef92da40a706e3a932e733759b2f2e62601adf660f37cb413c0da9095df47742a23def01f0475aa5a23e6c90d670932d63ae033ab1ac6078fc3ea5a9f3ae5d3808353fde0a6ca00ce905c75104d6bd644472b301201a8c8ef9efe3ba1be179c95339d5ac27970a7eee7384c5a2c1618e68631bb3453bf7206f42307e720d44c83dca0d7e057bbbc5f6b4f80ffa962d49d2677fdec3214c4a642362967643b12afe8de4ed5e015adb162137d9cbac3f6f93eed8f65c23a603a304a78ca4825c75a197b31bfb0db20f1c3aa8b7cffaecd49ab44920200192ac3ce20a6361df5b8c190fa50c4326a6e4060510a003f46f3675fc474c34fce616c0a08dbf255ff74ecff452e42dacda8155e3e341e9cb6c026ce83d0f6a4b21d3b3a090897e9030e85f8812b1d4a10c201421220d38727182eefcb50cc5e59382b5f58cef58f6fce35b7184b11309fe8743fe3012e7f61432161336b56de2a4925d9adfaaebc6b1c91f3ec5d949424156bd5a56c03dd4f6d3a59f4bde47a2a8320bf2f964d0a0da4e0e2603f0ff0839260593aef0e18a62c15a9bbfbe00ea99ef82c747b53912b90ec126f0aa0c12d6b5d9906cb69ff50e3f8ac42f66b6047742835e2382c559c97bfe1f7a52e455915d968c07e6d8bd7ab39ea8b5e4d05fb66d8016cc5e3bd6a7146ad2cc0f0ce100ea63ff63c59be138c63848b5c8de7ad9e1b3f5ca302bdf480474b0219b6c3c8066b2bf118b3fd03592da90e79966990ff351c801d17ea3fded740b7b495ffbd59129a1fc797bc54df94a438339bbb62b25fc3dc12bdd35330a3d2a98c9b8a87c32caf8c790f280add3fd8750dc8f5d0b3446eb599e324cb103c4f053debb508bd67a90107ada1a2812e4ffa4d41114847d646663b3b4b417981095a03c25a2474a707883cfd564ce3efc1160b49c5f813564ab3da29f3ec26af79a7aca2aa1f782f449194b8bf676fd81752811c498a1d0a5bc4a889719be6179607156fdc18365b60723c64426e731df1ad3c08edc7601a0c70b79f31c86b77dac27ba5f8b25ad227825c6f569207a7ceab08f31592b650dc696d9094d0c37541c3513c93955f002ebce95dc6b4fdbf24da67ebf133f246a594cb60d9c45d7298eabe3a719a92b2ef97fd1cc6a7797a1be2c9b4af2a8127334055e58d6526609ef50c75f629a312b0cdec4204d6ba8078577cdc59fbe3cd358b7ecf0e9cf7cc8506b7e886ade60172a2d43699e4f1eeb0100be29dd233e770a198e0b0a02889bf6b079751d35989f86739c2626360595c5a16621b925fd40fd67dbc6d14829af81c373be9ae7c43494bd2499b370d97e2e50e7acce33541dd4f304123cbf953c464f715306ef5f2bfb7d875d8ded6400c43eb9f9a5f38f58b06cf4661f74f658e30ad3c9c7027c944fb7ec0355dee1533d6a27a4f87aa774692d5ed8af78e1a06c94bca2080e05f57a7c36cf178c96fc8382eb18407cd94e266e93efa6e64dfb6da08bd45170d6b171402474874fe47fdf727c435e872942fa58bba7747fe26a6dcd387c4adc0c11d6f9a13f919d8aaebeb72f4138434e26f63d09a46851e0592920e309460670fce4e3f7bd257caa0dafe9d217975e302818fbabe7678bc329674b5fb9ff6e4de07484955458044dcc1e2f6c2fa04231d660b251d1593174302e8e5a0e9eeceff6078d5a5c73a445b0005d52d1cace2eaf8d32ef714ab734cad10c0b3737a5ade42d4fcd1f3b4ea495e11b6085d78453c68faf323c7426fef9a101635c40f06407db804159345d7107b898a7334afd6727d2f1562bc6c0d67ccd0794c89c7b6ff08eb5b9554fadf957c97d595544d8b4c1400314508e7806f76eda7fad9ca633e072ecb2b9d7d8c567cf2d2f684a52119dbdeb3341fa3fcd90a79ad208680baaa268c14d24c7eefbcd1bfcfe92a8afead2a7b002ee4bc8f1a6e4d1806897294639f58b1974f344442d00a8dff7496a70ca489bf09402fda538b99291ecc0c38c29a8e9c8155ffe2c81560295516211e181e6d2dd6ba7bf0d3c1ce68fcfcad26e3db425d29e3d0239f9a7fb54facddabf47adf47d442bf06d951c7ee5bcb02ae658dcd19c8ec068a236ca8f36e85b761db8febc5ad822c3e99a455a907dba7023da392bd558727abbc39a07221c813e30616eb64612a15d0df3ca2c57421a0e31fce5f68a0a9c9f3e04ccb4b363fcf09844e492c8f515e5e940a63ad16045a304af3fc861a23df279ca3527d325a02bfee34c6752d22ecd30a972a2f7f66bc7e76054aaef891fdc920bfacf3fcb820f8014d0c799fc9da98f6862d89f06a1ada5644fdd801a7be2c47429d0eac1e470786ca7887bbf5b4140b1ce8b7c30671f1be20a6c0f77e4e77d85ab35d5ef73ea06878163913c954169994e8f7fe02e6e23b87b87126e09316ecbf44b28c81218f9647bbdca3bef1d5b631a8b049a003dd6a42ba5b2a3c0d5fe1c7fee967d1ae053ff5488b803198392098129493557a957913d9310b3dc6f9008cab28a31c0ec46848d8bfc2f8ae6aae952f516c008713438efc912bab7e70e0d511dfd211148bebf2ed567d5c1d0691011d8eceb09aad4c593b2b20344b97aca5c07c0a9e4996a935f7104d5c83bec1acc998414150533d9638ec1872fa0d5e84119d541f4d2eeb951abd5b549f65860128f98db46f2000ec9891ce8aa970058e5bb2ee3df556fe667642d0e9281d9324fa97d86671850ea585a42529721a910dffdf4c78379bcd9cd3ead09b7b177241f7d3d3efb1e8d6e48cf88592b900e85964d2127901841ca697e755e37fad8529c75b4bff15952eef09432be80344b5b0bfa824e0571081f3f1b39b5a0660eb7af11da5641a709fbe91c9d17024504e90c177aac47382b3e631affb772e9acacef598154032e2afbaa5f293932c3e052e5a7efe39bc8b8e22d6d0d3dab247d2a8b37daad4bf7a09a90cb63273e640733a047c148622662d382ed8ad4c72e53bf24ec847b190774a3be35c9775084ff8722eeb505524666a190a9a063e53c93a015985cf04f25cfd3b0dcb5715488fb2515c6f294cbdf37e4a1927f31cd93d7a793b71c7487e305aeaec8066b010b4c0f5a22ce1eb166fb9d52ab2c7120c8ca1cb2d6f4608e6bd91183bcc7cde649bd72f35f49c04d7b325e36e2cc2602bbf8705d3654c2d5357c91"})
perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x3, 0x6, 0x5, 0x81, 0x0, 0x9, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffff, 0x3, @perf_bp={&(0x7f0000000000), 0x6}, 0x100, 0x9, 0xfff, 0x3, 0x3f, 0x1, 0x2, 0x0, 0x3, 0x0, 0x3}, 0xffffffffffffffff, 0x7, r1, 0x8)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:44:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:04 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:04 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:04 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x6, 0x49, 0x9, 0x7d, 0x0, 0x800, 0x140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x0, @perf_config_ext={0x2, 0x87}, 0x2, 0x0, 0x17f, 0x7, 0x8, 0x4a96, 0xc4, 0x0, 0x7b5, 0x0, 0x2}, 0xffffffffffffffff, 0xf, r0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r1, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
r2 = syz_io_uring_setup(0x336c, &(0x7f0000000000)={0x0, 0x8cdc, 0x8, 0x2, 0x290}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYBLOB="0367696c653000"])

[ 2152.728131] loop1: detected capacity change from 0 to 40
[ 2152.735993] loop2: detected capacity change from 0 to 40
11:44:04 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0xfffffffffffffffc, 0x8, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="0000ff07c9289b41291bd72a5af106010fe72c1370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2152.761301] loop7: detected capacity change from 0 to 40
[ 2152.867016] syz-executor.2: attempt to access beyond end of device
[ 2152.867016] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2152.868307] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2152.872181] syz-executor.1: attempt to access beyond end of device
[ 2152.872181] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2152.874014] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:44:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:04 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xfffffffffbffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000000), 0xffffffffffffffff)

[ 2152.970444] loop2: detected capacity change from 0 to 40
[ 2152.980018] syz-executor.7: attempt to access beyond end of device
[ 2152.980018] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2152.981219] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:04 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x40012, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8000, 0x29)
ioprio_set$pid(0x1, r0, 0x4000)
r2 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r2, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000000300)={0x0, 0x0, "ef9cdcbdb081605e14a2601c666b37fab449cd9ee1ed63bcee55465cd9e399e5979443cf5d5743385cb655d10e624db073addc1b4666816357875e05f89643fa4dc1d7a427689baea324b22cc33eeeb3200da545f2602257e3af673ae59d8bbfd5ceda24bf016b9f5c8b4bc91c853b3be4a857185648a78a65b049ec1cc8bcab63b495d51dcda3f983b30636a82b56954efaf403df424b713a8d654dd9265cde9ce1811f13e8ca257ef4c584cc93ee75ad76bb723fcb0e598cfa64b349669ef9b5fe1ee76f31a54f6803391deb781f1e87301958e56fb771b0990527faa362a0a2c624463fe5527ee49e29a40f006917b64689d8196225fa7fbfd5af237a9143", "2408f86a6cfd1526919cb7806bba706ac9b44a5d08f4e0479103bf5a0afa14a1c05429f892b7677a41aa0de054f56dd99be71bf1f95efa06d61781c799871f9a615caf2c077437786ecd2b1dce2755afe9236940f7a754d4a8ac432a13fba72d8fbefeef642b1e76dffbd1fb66e31a398794532f61392d93a2acd17dccd0efef2eaec9aacf2df4d9100408bad7b84b845a4f55bf831b01b6ee4718468748ce3796815518297c43b740ce47a981d4b1dcea12af6ac79972a3c05c85e05d751e9498834d33d349875bf0e4e376d14b004995b90c473e920521a6a3eeeccb4aa827282347976a9c1b135e6a8d39e6ecd64173ece944f1bb3263ad335e3ee2436a77e43a40ec323cefcf70c49b7e79ea8f1b519a524fc093b985d636a129039f0ea03a4ed074a73ce5f4f19b61f12c71e173e6cacdab798c29f8941483892f468b732281b4a2e92282478db6986c7607860d8d44b84cbd7ee027c85103000c6a0412606b84c8559907703b14e33edf5dc9460f7c21badeb9727a50c294b693fb27ea96ded88b8c178fffa105fa81f07aac0b3595302c01568bf9d1a64703089890efabc2ea0463a7cd2d792c35cb6794ee142af6a3adfbd9e37d9cdd59067e4fafd69ceb7e4fc753e43bc04698c1c406cc37eae02ad79983927477b9a08fd985e1d567635c06cbf1993ccad2f9843bc63eac066b6fb9d2f80269ed84c76cd6c76df5555bb60fc2e681b62f4121d3eb59ffdcb6af489a792ca0a219d76294337708768a823fa1b7c4ccd7714f55c0b133b96785aa05412441420def95fe0194f29528b3cc1d4b9017b5cd07947d9b4076cf648d84a6ae22a9f7326a0847dc80544baa1686ae254ad3a471c47fd16eba7dd4cdc7abc88cbc36e19874fa6eee39f3fe8a9a3874b3724533b4245da3e9ac00d5c3d1b2d0d1e9861e651723cc940910140d68e5c137a139cefac7fdc4162b5d4879131503e1abb77b75dabd5648c70ec27dd328e608d91a4fc2796ed9c0ea9989366bef1bdf88f4e787e891c36592b4f5fbe5b38bfa048e5da3788073784824093c25bc22df21cca78783e21880cc0afdd42d5c84983515af4237352e484188a3580805c67ea835894113b4217f480aed976003e31ce300889186fd4d33df33c09e2f97ca7e34bde5737a5f3c210a595ae18acd4270dd4055a0787ccfe4ee6a3309149c110f07c37a630165d25fdeaaedb49ecd71d9eb127868f60587c0c710709c4468d56fb804587ba766a9d50dc91d0e1c971f70c9a22bd334d5ec9a5f1a67e55467e4ed409b3dc7c8a8e7d22f3874f7458655baf36cceab1bb08f429c8f1da25220327fb68161974bcafed1802f70a8e497dd587bb328b78abdfb36a59054d1f9f5e3c4c14c94a0850e256cbc11832015437aa8f617f4898de313b4df3ebf2a9116e08d5090882f49c0837b10d814b5fe0fc08587effa21b3b8ad7f15bb1e27cbd109807219934c20913bad98f05e3f4486548ed28d704a88ac76e6851541d8788bdb7d9f7675ff4a278c27b9c10928018c9d956fcdf9af4574e377e74906614df9871468e0a942253fe9a5ab5c608965cbabd3f58879aaa42238beb8de87a463e667ea068cb4923f589aba38d086fb1f840a8d3384dbc9cbfc265a09c730a3b821d844b10caf1a6933d7818cf5421ab172b37405f569455c45432748ff9c017ceb347863eb9e38b4638c1097e73a332901457c525af326171d38b84e54fd3753ad24998e5d4c9cb2f8ab3529a41aef0a6ea95509f500b9fd28f7d16d92d455d2e515642f157d0bac59781cc4f44c2710534e82c71f8b4f2d0ed6aed9585127ca02f16c3d0365d4de0a01758ed738f250b1d9e39ac2db0cbafa5225472126c92e6066dc82b91559dc4c11089a7a11278c0385e00bfd19ed7fbea0d44bc2fd2ee4236cbf6217557c915ef5b081e51e34bdd192bc291823e17854882a2e4fb4688e2c4953097fca8d5fc6a181c9a676e8a847024beb8e1d3b8f8c8c7aeef86eb692e9023f4b19f75629071d31b464a8bb71fa91b68406ad28963817c5ecc0ff57b7c381bb3880596aab2ea522d236b33acfeec5208adc53953e3b24532008847f9cfe70fd80abd69a8cc0f246826c6319cf731eee3cb93180729f930b4f918a6f56ee5ce9f147bcc961e4fa270ae28919db289f09d0fdc099bb3c9c14ace2979f4842d2040328b7d7192bdf57dd490135bea85a6d1f65baef92da40a706e3a932e733759b2f2e62601adf660f37cb413c0da9095df47742a23def01f0475aa5a23e6c90d670932d63ae033ab1ac6078fc3ea5a9f3ae5d3808353fde0a6ca00ce905c75104d6bd644472b301201a8c8ef9efe3ba1be179c95339d5ac27970a7eee7384c5a2c1618e68631bb3453bf7206f42307e720d44c83dca0d7e057bbbc5f6b4f80ffa962d49d2677fdec3214c4a642362967643b12afe8de4ed5e015adb162137d9cbac3f6f93eed8f65c23a603a304a78ca4825c75a197b31bfb0db20f1c3aa8b7cffaecd49ab44920200192ac3ce20a6361df5b8c190fa50c4326a6e4060510a003f46f3675fc474c34fce616c0a08dbf255ff74ecff452e42dacda8155e3e341e9cb6c026ce83d0f6a4b21d3b3a090897e9030e85f8812b1d4a10c201421220d38727182eefcb50cc5e59382b5f58cef58f6fce35b7184b11309fe8743fe3012e7f61432161336b56de2a4925d9adfaaebc6b1c91f3ec5d949424156bd5a56c03dd4f6d3a59f4bde47a2a8320bf2f964d0a0da4e0e2603f0ff0839260593aef0e18a62c15a9bbfbe00ea99ef82c747b53912b90ec126f0aa0c12d6b5d9906cb69ff50e3f8ac42f66b6047742835e2382c559c97bfe1f7a52e455915d968c07e6d8bd7ab39ea8b5e4d05fb66d8016cc5e3bd6a7146ad2cc0f0ce100ea63ff63c59be138c63848b5c8de7ad9e1b3f5ca302bdf480474b0219b6c3c8066b2bf118b3fd03592da90e79966990ff351c801d17ea3fded740b7b495ffbd59129a1fc797bc54df94a438339bbb62b25fc3dc12bdd35330a3d2a98c9b8a87c32caf8c790f280add3fd8750dc8f5d0b3446eb599e324cb103c4f053debb508bd67a90107ada1a2812e4ffa4d41114847d646663b3b4b417981095a03c25a2474a707883cfd564ce3efc1160b49c5f813564ab3da29f3ec26af79a7aca2aa1f782f449194b8bf676fd81752811c498a1d0a5bc4a889719be6179607156fdc18365b60723c64426e731df1ad3c08edc7601a0c70b79f31c86b77dac27ba5f8b25ad227825c6f569207a7ceab08f31592b650dc696d9094d0c37541c3513c93955f002ebce95dc6b4fdbf24da67ebf133f246a594cb60d9c45d7298eabe3a719a92b2ef97fd1cc6a7797a1be2c9b4af2a8127334055e58d6526609ef50c75f629a312b0cdec4204d6ba8078577cdc59fbe3cd358b7ecf0e9cf7cc8506b7e886ade60172a2d43699e4f1eeb0100be29dd233e770a198e0b0a02889bf6b079751d35989f86739c2626360595c5a16621b925fd40fd67dbc6d14829af81c373be9ae7c43494bd2499b370d97e2e50e7acce33541dd4f304123cbf953c464f715306ef5f2bfb7d875d8ded6400c43eb9f9a5f38f58b06cf4661f74f658e30ad3c9c7027c944fb7ec0355dee1533d6a27a4f87aa774692d5ed8af78e1a06c94bca2080e05f57a7c36cf178c96fc8382eb18407cd94e266e93efa6e64dfb6da08bd45170d6b171402474874fe47fdf727c435e872942fa58bba7747fe26a6dcd387c4adc0c11d6f9a13f919d8aaebeb72f4138434e26f63d09a46851e0592920e309460670fce4e3f7bd257caa0dafe9d217975e302818fbabe7678bc329674b5fb9ff6e4de07484955458044dcc1e2f6c2fa04231d660b251d1593174302e8e5a0e9eeceff6078d5a5c73a445b0005d52d1cace2eaf8d32ef714ab734cad10c0b3737a5ade42d4fcd1f3b4ea495e11b6085d78453c68faf323c7426fef9a101635c40f06407db804159345d7107b898a7334afd6727d2f1562bc6c0d67ccd0794c89c7b6ff08eb5b9554fadf957c97d595544d8b4c1400314508e7806f76eda7fad9ca633e072ecb2b9d7d8c567cf2d2f684a52119dbdeb3341fa3fcd90a79ad208680baaa268c14d24c7eefbcd1bfcfe92a8afead2a7b002ee4bc8f1a6e4d1806897294639f58b1974f344442d00a8dff7496a70ca489bf09402fda538b99291ecc0c38c29a8e9c8155ffe2c81560295516211e181e6d2dd6ba7bf0d3c1ce68fcfcad26e3db425d29e3d0239f9a7fb54facddabf47adf47d442bf06d951c7ee5bcb02ae658dcd19c8ec068a236ca8f36e85b761db8febc5ad822c3e99a455a907dba7023da392bd558727abbc39a07221c813e30616eb64612a15d0df3ca2c57421a0e31fce5f68a0a9c9f3e04ccb4b363fcf09844e492c8f515e5e940a63ad16045a304af3fc861a23df279ca3527d325a02bfee34c6752d22ecd30a972a2f7f66bc7e76054aaef891fdc920bfacf3fcb820f8014d0c799fc9da98f6862d89f06a1ada5644fdd801a7be2c47429d0eac1e470786ca7887bbf5b4140b1ce8b7c30671f1be20a6c0f77e4e77d85ab35d5ef73ea06878163913c954169994e8f7fe02e6e23b87b87126e09316ecbf44b28c81218f9647bbdca3bef1d5b631a8b049a003dd6a42ba5b2a3c0d5fe1c7fee967d1ae053ff5488b803198392098129493557a957913d9310b3dc6f9008cab28a31c0ec46848d8bfc2f8ae6aae952f516c008713438efc912bab7e70e0d511dfd211148bebf2ed567d5c1d0691011d8eceb09aad4c593b2b20344b97aca5c07c0a9e4996a935f7104d5c83bec1acc998414150533d9638ec1872fa0d5e84119d541f4d2eeb951abd5b549f65860128f98db46f2000ec9891ce8aa970058e5bb2ee3df556fe667642d0e9281d9324fa97d86671850ea585a42529721a910dffdf4c78379bcd9cd3ead09b7b177241f7d3d3efb1e8d6e48cf88592b900e85964d2127901841ca697e755e37fad8529c75b4bff15952eef09432be80344b5b0bfa824e0571081f3f1b39b5a0660eb7af11da5641a709fbe91c9d17024504e90c177aac47382b3e631affb772e9acacef598154032e2afbaa5f293932c3e052e5a7efe39bc8b8e22d6d0d3dab247d2a8b37daad4bf7a09a90cb63273e640733a047c148622662d382ed8ad4c72e53bf24ec847b190774a3be35c9775084ff8722eeb505524666a190a9a063e53c93a015985cf04f25cfd3b0dcb5715488fb2515c6f294cbdf37e4a1927f31cd93d7a793b71c7487e305aeaec8066b010b4c0f5a22ce1eb166fb9d52ab2c7120c8ca1cb2d6f4608e6bd91183bcc7cde649bd72f35f49c04d7b325e36e2cc2602bbf8705d3654c2d5357c91"})
perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x3, 0x6, 0x5, 0x81, 0x0, 0x9, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffff, 0x3, @perf_bp={&(0x7f0000000000), 0x6}, 0x100, 0x9, 0xfff, 0x3, 0x3f, 0x1, 0x2, 0x0, 0x3, 0x0, 0x3}, 0xffffffffffffffff, 0x7, r1, 0x8)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:44:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:05 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1938, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff, 0x2000000000000000}, 0x0, 0x2000000000000000, 0x7}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x840)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
ioctl$SNAPSHOT_FREE(r3, 0x3305)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

[ 2153.102468] loop1: detected capacity change from 0 to 40
[ 2153.154344] syz-executor.2: attempt to access beyond end of device
[ 2153.154344] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.155578] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2153.180004] syz-executor.1: attempt to access beyond end of device
[ 2153.180004] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.181373] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:44:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2153.299451] loop7: detected capacity change from 0 to 40
[ 2153.390530] loop2: detected capacity change from 0 to 40
[ 2153.417293] loop1: detected capacity change from 0 to 40
[ 2153.458058] syz-executor.2: attempt to access beyond end of device
[ 2153.458058] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.459462] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2153.632106] syz-executor.7: attempt to access beyond end of device
[ 2153.632106] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.634004] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2153.666395] syz-executor.1: attempt to access beyond end of device
[ 2153.666395] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.667868] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:44:05 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r3, 0xc018620c, &(0x7f0000000300)={0x1})
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r3, 0xf504, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:44:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:05 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x18a00}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:44:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:05 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x6, 0x49, 0x9, 0x7d, 0x0, 0x800, 0x140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x0, @perf_config_ext={0x2, 0x87}, 0x2, 0x0, 0x17f, 0x7, 0x8, 0x4a96, 0xc4, 0x0, 0x7b5, 0x0, 0x2}, 0xffffffffffffffff, 0xf, r0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r1, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
r2 = syz_io_uring_setup(0x336c, &(0x7f0000000000)={0x0, 0x8cdc, 0x8, 0x2, 0x290}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180))
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYBLOB="0367696c653000"])

[ 2153.728182] loop2: detected capacity change from 0 to 40
11:44:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2153.817846] loop7: detected capacity change from 0 to 40
[ 2153.884714] syz-executor.2: attempt to access beyond end of device
[ 2153.884714] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.886293] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2153.904175] syz-executor.7: attempt to access beyond end of device
[ 2153.904175] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2153.905642] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:21 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r3 = creat(&(0x7f0000000400)='./file0\x00', 0x98)
perf_event_open(&(0x7f0000000480)={0x5, 0x80, 0x2, 0x3, 0x4, 0x5, 0x0, 0x101, 0x10500, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xff, 0x4, @perf_bp={&(0x7f00000003c0)}, 0x1, 0x100000000, 0x3, 0x5, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x40}, r2, 0xe, r3, 0x8)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x10044094)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:44:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:21 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:44:21 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc0000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x174, r0, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x26}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffffc}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xd47}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x343f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xa75c}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xe07}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x101}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xac2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x40}, 0x2)

11:44:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x10, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2169.839583] loop1: detected capacity change from 0 to 40
[ 2169.859554] loop7: detected capacity change from 0 to 40
[ 2169.868691] loop2: detected capacity change from 0 to 40
11:44:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x10, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2169.949564] syz-executor.1: attempt to access beyond end of device
[ 2169.949564] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2169.950693] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2169.980472] syz-executor.2: attempt to access beyond end of device
[ 2169.980472] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2169.982029] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:44:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x10, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2170.068432] syz-executor.7: attempt to access beyond end of device
[ 2170.068432] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2170.069936] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2170.128658] loop2: detected capacity change from 0 to 40
11:44:22 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="98df2d6889e885a586ca2f7cbe34bab3e289947a41542e01e1bdc03281b874", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000180), &(0x7f0000000300)='./file0\x00', 0x8, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:44:22 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)=<r3=>0x0)
rt_sigqueueinfo(r3, 0x1b, &(0x7f00000003c0)={0xc, 0x0, 0x4})
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x4, 0x8, 0x7, 0x6, 0x0, 0x4, 0x2080, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x1c0f, 0x6}, 0x2000, 0x0, 0x2, 0x5, 0x8, 0x101, 0x1ff, 0x0, 0x2, 0x0, 0x4}, r3, 0x2, r1, 0x2)
perf_event_open(&(0x7f0000001840)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
write(r2, &(0x7f0000000080)="01", 0x41030)
syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000240)='./file1\x00', 0x7, 0x3, &(0x7f0000000580)=[{&(0x7f0000000380)="917cdf409795b77ba80ede7e6450e8902d66ca48fbf5931495393ab1a95bd999da2aff3e33d9b6e4103c386af00f9ab671d1c0ccc53b83736bc748ae486970b2b580ef48185b86930f45c9af729ded623b3fe8820ba064aca42408e73ddeb94af402b8f8", 0x64, 0x3}, {&(0x7f0000000480)="4681eae91892bf9e0eb36bff7ccfe00107c40569af5498e8f4f2d61f5465e031852e4e7dca3af23c49aa4dd40bdd6d1f68f99a65cc7f0ee2500399f0953f6ee4fe1a4426280c3ea7af66b46553d743b4b9f820f82a93adaa6deb8d61053479cda5c9978af548d990bf4e7d7bd3c1bce520e2d1a462bda1d1f450e9ac3d2f023873473d", 0x83, 0x2}, {&(0x7f0000000540)="d6654971cf8f53b8", 0x8, 0x1}], 0x1000808, &(0x7f0000000b80)=ANY=[@ANYBLOB="265f6d6590007572ffff0000776e65723d0000000080000000009867dbb825b9557f587bbf81116cb82b4fc69c9f664d3253fe86b1947b97603b54930ecfebe5ba17e6018a46d9a99011ef5ddfd78029f10500aebc64ff0b8a797907724c72bdbe3794a357de447168287ddc66cc85d5896274533384b2a93f37ebf29fb5325aa3c6b42503ab9445f762249ec20c1d45844bcab1b5540c8f5506ba08ed63427b2e2d9e4afd5651eec09802b2c7cf3c58e3c3aac85322cb6fed2339ad8653ec1afc60dd7e9d38d58863cbed2ea506b963be679f83bfed32b3a3235de0465d62e8fd48a4dc1c97a38e2af83f66477229323279560f86fc356aa2d81bd33da28ba498e99e6af24912047fd5eec10ef7843b30bd015d23e31b28d6ca5df8ddd95f58b491f395cc772886c41d1fed176823ba3255f49fae4ab27031fdcdea738ef2050c076069dda15c529d0d663a1d75d15e6caaa4401a57266f2ed942c364e0b705bfb9100ef36f4e2875390a3729c3d573cb94693f8bf88d437e3036fc77b8832b18b3e9b6eea259a6b623c2e6e20883b294f8ec5f0485c3a79c41952cb44984ee6e2310c8a99e320bf055e5492ffdd1d961bc8223", @ANYRESDEC=0x0, @ANYBLOB=',audit,\x00'])
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x2a, 0x7, 0x3, 0x2, 0x0, 0x7, 0x400, 0xa, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x4, @perf_config_ext={0x7f, 0xff}, 0x1, 0x8, 0x8, 0x6, 0x3f, 0x8, 0x1, 0x0, 0x54, 0x0, 0x1f}, r3, 0x3, r0, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:44:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2170.281448] syz-executor.2: attempt to access beyond end of device
[ 2170.281448] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2170.282848] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:44:22 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
process_vm_readv(r1, &(0x7f0000000400)=[{&(0x7f0000000180)=""/20, 0x14}, {&(0x7f0000000300)=""/45, 0x2d}, {&(0x7f0000000340)=""/155, 0x9b}], 0x3, &(0x7f00000005c0)=[{&(0x7f0000000480)=""/89, 0x59}, {&(0x7f0000000500)=""/37, 0x25}, {&(0x7f0000000540)=""/42, 0x2a}, {&(0x7f0000000580)=""/29, 0x1d}], 0x4, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2170.383337] loop7: detected capacity change from 0 to 40
[ 2170.554513] syz-executor.7: attempt to access beyond end of device
[ 2170.554513] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2170.555990] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:38 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r2, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r2, 0x408c5333, &(0x7f0000000300)={0x0, 0xa23, 0x0, 'queue1\x00', 0x6e922f59})
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:44:38 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:38 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000)={0x0, 0x0, 0x322e})
r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000200))
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYRESHEX=r4, @ANYRES32=r2, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf225c026a0d62f6303202344d18741f47a5696f2e0c0"], 0x98}}, 0x81)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = fork()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
waitid(0x1, r6, &(0x7f0000000680), 0x3, &(0x7f0000000440))
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r7=>r5, {0x1000, 0x5}}, './file0\x00'})
clone3(&(0x7f0000000540)={0x28000000, &(0x7f0000000300)=<r8=>0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000380), {0x2d}, &(0x7f0000000480)=""/179, 0xb3, &(0x7f00000003c0)=""/51, &(0x7f0000000400)=[r1, r1, r1, r1, r1, r1, r1, r1], 0x8}, 0x58)
write$snapshot(r7, &(0x7f00000005c0)="41dee674febefa989b1992492eccfb0f33a93db05c2054a5c24efd1781df1f2764d5244c3b51bcaa3fdad1499f029b83d8eac11a2e9db2cf102b0026cbb8f4c40dcc2f2ab06bebb487ca6444ab2c29bd896482933d241e5238006db8f8233073cee5a015cffea85a0dac2bd717c7923a28692b933a0e544d046b03aa169a5fa3774ca3463cf61e3af4a02daca86808ece80bceb26a17733568ca7edae70844dff059d594c1759b5b0b6a4527", 0xac)
kcmp(r6, r1, 0x6, r7, r8)
r9 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r9)

11:44:38 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2186.566539] loop7: detected capacity change from 0 to 40
11:44:38 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x10, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:44:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x10, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:38 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:38 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000)={0x0, 0x0, 0x322e})
r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000200))
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYRESHEX=r4, @ANYRES32=r2, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf225c026a0d62f6303202344d18741f47a5696f2e0c0"], 0x98}}, 0x81)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = fork()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
waitid(0x1, r6, &(0x7f0000000680), 0x3, &(0x7f0000000440))
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r7=>r5, {0x1000, 0x5}}, './file0\x00'})
clone3(&(0x7f0000000540)={0x28000000, &(0x7f0000000300)=<r8=>0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000380), {0x2d}, &(0x7f0000000480)=""/179, 0xb3, &(0x7f00000003c0)=""/51, &(0x7f0000000400)=[r1, r1, r1, r1, r1, r1, r1, r1], 0x8}, 0x58)
write$snapshot(r7, &(0x7f00000005c0)="41dee674febefa989b1992492eccfb0f33a93db05c2054a5c24efd1781df1f2764d5244c3b51bcaa3fdad1499f029b83d8eac11a2e9db2cf102b0026cbb8f4c40dcc2f2ab06bebb487ca6444ab2c29bd896482933d241e5238006db8f8233073cee5a015cffea85a0dac2bd717c7923a28692b933a0e544d046b03aa169a5fa3774ca3463cf61e3af4a02daca86808ece80bceb26a17733568ca7edae70844dff059d594c1759b5b0b6a4527", 0xac)
kcmp(r6, r1, 0x6, r7, r8)
r9 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r9)

[ 2186.581583] loop1: detected capacity change from 0 to 40
[ 2186.589937] loop2: detected capacity change from 0 to 40
[ 2186.679286] syz-executor.1: attempt to access beyond end of device
[ 2186.679286] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2186.680401] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2186.723407] syz-executor.2: attempt to access beyond end of device
[ 2186.723407] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2186.724555] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2186.728005] syz-executor.7: attempt to access beyond end of device
[ 2186.728005] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2186.729263] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:38 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:38 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2186.796474] loop1: detected capacity change from 0 to 40
11:44:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2186.879518] loop2: detected capacity change from 0 to 40
11:44:38 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2186.913023] syz-executor.2: attempt to access beyond end of device
[ 2186.913023] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2186.913980] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2186.978377] loop7: detected capacity change from 0 to 40
[ 2187.108060] syz-executor.7: attempt to access beyond end of device
[ 2187.108060] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2187.109082] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2187.114640] syz-executor.1: attempt to access beyond end of device
[ 2187.114640] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2187.116221] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:44:55 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98008000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f63032023e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
ptrace$getregset(0x4204, r1, 0x4, &(0x7f0000000180)={&(0x7f0000000300)=""/242, 0xf2})
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$SNAPSHOT_FREE(r3, 0x3305)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:44:55 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r2, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r2, 0x408c5333, &(0x7f0000000300)={0x0, 0xa23, 0x0, 'queue1\x00', 0x6e922f59})
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:44:55 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="01eac100", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:44:55 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:44:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:55 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x10, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2203.490169] loop2: detected capacity change from 0 to 40
[ 2203.499537] loop1: detected capacity change from 0 to 40
[ 2203.505365] loop7: detected capacity change from 0 to 40
11:44:55 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98008000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f63032023e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
ptrace$getregset(0x4204, r1, 0x4, &(0x7f0000000180)={&(0x7f0000000300)=""/242, 0xf2})
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$SNAPSHOT_FREE(r3, 0x3305)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:44:55 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2203.667201] syz-executor.2: attempt to access beyond end of device
[ 2203.667201] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2203.669008] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2203.691244] syz-executor.7: attempt to access beyond end of device
[ 2203.691244] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2203.692693] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:55 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:44:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2203.817664] loop7: detected capacity change from 0 to 40
11:44:55 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2203.870092] syz-executor.7: attempt to access beyond end of device
[ 2203.870092] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2203.871522] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2203.874469] syz-executor.1: attempt to access beyond end of device
[ 2203.874469] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2203.876197] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:44:55 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98008000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f63032023e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
ptrace$getregset(0x4204, r1, 0x4, &(0x7f0000000180)={&(0x7f0000000300)=""/242, 0xf2})
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$SNAPSHOT_FREE(r3, 0x3305)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:44:55 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2203.943226] loop2: detected capacity change from 0 to 40
11:44:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2204.093431] loop7: detected capacity change from 0 to 40
11:44:56 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x8, 0x6b, 0xac, 0x6, 0x0, 0x1f, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffffffff, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x2000, 0x8, 0x8, 0x2, 0x8b5f, 0x2, 0xb78, 0x0, 0x9, 0x0, 0x1}, 0xffffffffffffffff, 0x3, r0, 0x8)
r1 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r1, 0x1, 0x0, 0xf, 0x0, 0x18)
write(r1, &(0x7f0000000300)="bc61434f5bc0c8f0e2e8f96795be30e69a081d1195bf5a08d9629bcb1d8db37a266d5e51d3cdd3be081c2d85f2afe538b0e7e71b450430ed6da38f1b1e91050fc968c681b9c9c49eb47cc97f23ee0c6e2be6c65daf012037ff408f11f2676edfe918b8ba6f62e1e846243a8def0968a35419c0a3d9817390c9b8d4213941627f301516240970d45d253b67b54ba852fb7a2a64cf11656433c111e7181fd4e4f3f80ce3c995ccc9099f16eaae7dcfbee6923e69fd4b7490f848da010d90c867e9de39c2a7a6729fcc2bf86fea9679f1458d0e25cdf6e0fbbea08d21cc2cb72be372b2da60b8486d13f46223d25296e74b3d73d8", 0xf3)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2204.187419] syz-executor.2: attempt to access beyond end of device
[ 2204.187419] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2204.189042] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2204.252528] loop1: detected capacity change from 0 to 40
11:44:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2204.314301] syz-executor.7: attempt to access beyond end of device
[ 2204.314301] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2204.315683] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:44:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2204.452888] loop2: detected capacity change from 0 to 40
[ 2204.545112] syz-executor.2: attempt to access beyond end of device
[ 2204.545112] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2204.546413] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2204.599468] syz-executor.1: attempt to access beyond end of device
[ 2204.599468] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2204.601223] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:45:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:12 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x8, 0x6b, 0xac, 0x6, 0x0, 0x1f, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffffffff, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x2000, 0x8, 0x8, 0x2, 0x8b5f, 0x2, 0xb78, 0x0, 0x9, 0x0, 0x1}, 0xffffffffffffffff, 0x3, r0, 0x8)
r1 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r1, 0x1, 0x0, 0xf, 0x0, 0x18)
write(r1, &(0x7f0000000300)="bc61434f5bc0c8f0e2e8f96795be30e69a081d1195bf5a08d9629bcb1d8db37a266d5e51d3cdd3be081c2d85f2afe538b0e7e71b450430ed6da38f1b1e91050fc968c681b9c9c49eb47cc97f23ee0c6e2be6c65daf012037ff408f11f2676edfe918b8ba6f62e1e846243a8def0968a35419c0a3d9817390c9b8d4213941627f301516240970d45d253b67b54ba852fb7a2a64cf11656433c111e7181fd4e4f3f80ce3c995ccc9099f16eaae7dcfbee6923e69fd4b7490f848da010d90c867e9de39c2a7a6729fcc2bf86fea9679f1458d0e25cdf6e0fbbea08d21cc2cb72be372b2da60b8486d13f46223d25296e74b3d73d8", 0xf3)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:45:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2220.332261] loop1: detected capacity change from 0 to 40
[ 2220.335602] loop2: detected capacity change from 0 to 40
[ 2220.348103] loop7: detected capacity change from 0 to 40
[ 2220.449558] syz-executor.1: attempt to access beyond end of device
[ 2220.449558] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2220.450758] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2220.511241] syz-executor.2: attempt to access beyond end of device
[ 2220.511241] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2220.513670] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:45:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:45:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2220.594496] syz-executor.7: attempt to access beyond end of device
[ 2220.594496] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2220.595945] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:45:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2220.793418] loop1: detected capacity change from 0 to 40
[ 2220.926043] syz-executor.1: attempt to access beyond end of device
[ 2220.926043] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2220.927548] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2220.942327] loop7: detected capacity change from 0 to 40
11:45:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:13 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000)={0x0, 0x5})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2221.101265] syz-executor.7: attempt to access beyond end of device
[ 2221.101265] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2221.102900] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2221.203569] loop1: detected capacity change from 0 to 40
[ 2221.347351] syz-executor.1: attempt to access beyond end of device
[ 2221.347351] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2221.348834] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:45:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:45:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2237.037551] loop2: detected capacity change from 0 to 40
[ 2237.061225] loop7: detected capacity change from 0 to 40
11:45:29 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000)={0x0, 0x5})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:45:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2237.081313] loop1: detected capacity change from 0 to 40
[ 2237.182137] syz-executor.7: attempt to access beyond end of device
[ 2237.182137] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2237.183591] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:45:29 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000)={0x0, 0x5})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:45:29 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2237.299571] syz-executor.1: attempt to access beyond end of device
[ 2237.299571] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2237.301145] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2237.428701] loop7: detected capacity change from 0 to 40
11:45:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2237.461609] syz-executor.2: attempt to access beyond end of device
[ 2237.461609] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2237.463230] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:45:29 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
write$binfmt_aout(r0, &(0x7f0000000300)={{0x10b, 0x7, 0x4, 0x3c4, 0x2fd, 0xd6, 0x1ba, 0x200}, "5172a16a03b7d8f3f404e847ba5ff7929ee15a52032ad428c5e4b75a079584d8dd61d6dc0ca82d25375c05bc46f8afa9764488f28b0cd5071b2b769c15aec708f360ed56c443f4dfa5db9d59fda42989c2f1acfe336020019c3ad3c4ebd58d93a7059b989517a64491a5925796384a8499ed84d190ad7069bc5c924a8a3a574b2670f15d7737ffd139118f7bb7395863d300"}, 0xb2)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2237.602674] syz-executor.7: attempt to access beyond end of device
[ 2237.602674] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2237.604092] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2237.644811] loop1: detected capacity change from 0 to 40
11:45:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:29 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2237.854441] loop7: detected capacity change from 0 to 40
[ 2237.900629] loop2: detected capacity change from 0 to 40
11:45:29 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
write$binfmt_aout(r0, &(0x7f0000000300)={{0x10b, 0x7, 0x4, 0x3c4, 0x2fd, 0xd6, 0x1ba, 0x200}, "5172a16a03b7d8f3f404e847ba5ff7929ee15a52032ad428c5e4b75a079584d8dd61d6dc0ca82d25375c05bc46f8afa9764488f28b0cd5071b2b769c15aec708f360ed56c443f4dfa5db9d59fda42989c2f1acfe336020019c3ad3c4ebd58d93a7059b989517a64491a5925796384a8499ed84d190ad7069bc5c924a8a3a574b2670f15d7737ffd139118f7bb7395863d300"}, 0xb2)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

[ 2237.926194] syz-executor.1: attempt to access beyond end of device
[ 2237.926194] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2237.927533] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2237.950110] syz-executor.7: attempt to access beyond end of device
[ 2237.950110] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2237.951489] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:45:29 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:30 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2238.119227] loop1: detected capacity change from 0 to 40
[ 2238.280434] syz-executor.1: attempt to access beyond end of device
[ 2238.280434] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2238.281959] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2238.341526] syz-executor.2: attempt to access beyond end of device
[ 2238.341526] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2238.343213] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:45:46 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:45:46 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:46 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
write$binfmt_aout(r0, &(0x7f0000000300)={{0x10b, 0x7, 0x4, 0x3c4, 0x2fd, 0xd6, 0x1ba, 0x200}, "5172a16a03b7d8f3f404e847ba5ff7929ee15a52032ad428c5e4b75a079584d8dd61d6dc0ca82d25375c05bc46f8afa9764488f28b0cd5071b2b769c15aec708f360ed56c443f4dfa5db9d59fda42989c2f1acfe336020019c3ad3c4ebd58d93a7059b989517a64491a5925796384a8499ed84d190ad7069bc5c924a8a3a574b2670f15d7737ffd139118f7bb7395863d300"}, 0xb2)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)

11:45:46 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:45:46 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:45:46 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2254.358345] loop2: detected capacity change from 0 to 40
[ 2254.365124] loop1: detected capacity change from 0 to 40
[ 2254.403437] loop7: detected capacity change from 0 to 40
11:45:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2254.565930] syz-executor.2: attempt to access beyond end of device
[ 2254.565930] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2254.567681] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2254.616626] syz-executor.1: attempt to access beyond end of device
[ 2254.616626] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2254.619585] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2254.631529] syz-executor.7: attempt to access beyond end of device
[ 2254.631529] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2254.633229] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:45:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:46 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:46 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2254.831377] loop1: detected capacity change from 0 to 40
[ 2254.914243] loop7: detected capacity change from 0 to 40
[ 2254.933207] loop2: detected capacity change from 0 to 40
[ 2255.095064] syz-executor.1: attempt to access beyond end of device
[ 2255.095064] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2255.096435] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2255.098919] syz-executor.2: attempt to access beyond end of device
[ 2255.098919] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2255.100391] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:45:47 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:45:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:45:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2255.327454] loop1: detected capacity change from 0 to 40
[ 2255.368174] loop2: detected capacity change from 0 to 40
[ 2255.377494] syz-executor.7: attempt to access beyond end of device
[ 2255.377494] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2255.379341] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:45:47 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:45:47 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2255.520120] syz-executor.2: attempt to access beyond end of device
[ 2255.520120] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
11:45:47 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
ioprio_set$pid(0x2, r0, 0x4007)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x4, 0x6, &(0x7f00000014c0)=[{&(0x7f0000000200)="403dd252ea256239c3dbcd5a90d9c662018122b9f2d64935dc964459998cac2c6f08ea2e6232e4b4c5fa12d6b634d1043a0754245d77b10fa93401241d18de431f5e40a66394f27e300d4d53b7fe77fd10bde5fca0e3d70bed4e05afc099a1050b417707660eb5cbc196fc", 0x6b, 0x5}, {&(0x7f0000000300)="47367bbe0187ac1054183ab71d5edcf52b1c7d23a0ec9b60de3f48a76c", 0x1d, 0x29}, {&(0x7f0000000340)="9102edb40c9615fdc2bda00eae2c8a1b3d5717f3c36d245708e65cfae335a26f2ba07dbac718e6a5076e0965f6f948ff954ea2da3c5adc3137bb9b21d7bcdf9d6ef82c33eca243fe944797", 0x4b, 0x80}, {&(0x7f00000003c0)="d01abe49225212a13cdc33585c74246a1fa241f1b8099d40d37eb370e450186273f4d98ff128a7786c847209482119c78a3ee40ef7299f23d918471d5b6d890e19e4b2ca03621961f9c54506f80fcf70513b7fdcbcfbc88e492016e374835e66c492113004fd31d8f6fc77eb726d490e532aa4b580113e2d32b5e160b75e05b940f322d4dd243af1e8fa280a93c3274c5ff761d3fe7b40af23b7db99c9f68e3e24d1a163d617a0eb2b65acf8828ecada9c9b0d94ad79f850421b2d09f93f938d870e6574f8873314036b0503b438049de22be2ef8c83977dcca2553eb73867304cd8d633aa3b1a40bbbc32eb190d988d389652e7803ab26c3f23356f5c942a7e7b8119fa1d8eda4887a8ce3ac0563c5ed55bd536d9e1985db53fa41f8dbd24c6828fd8691a232efb657bd14e7e19f2ac327efd72ebc3b631811028f7de41f438f67553cd6141b0e785f70826e189cc0babfdb0111fc2325054c9ebc67aad734526aaa9bee2f8df9341978d0e19a55f47ad39fd526ed7501cfe59363ac640c8dae8198ca537a3ca30037bebbdf7fbb79e45ed2092dcc8539d23cdafed05a59ade8130fc9cdb529f9d27d4c784cdcb1bac570215c0c216bd037f1de3dd05cfe281d913981e51927698331a271b58ffef5326291370b5708f9a23b936c79ab0c29b43ea2ed90cd4b9123bcd29014f0c50a1e86936b329d55898645ca9ce4bf84de134a4ac02719dc421462a6fc77249483715907edbb7be9d897512c40b91d84a00ccfab2de1d36db7c9258afd0bf0a78ecde6834dfd7238824f5ae7a669c20f42e060fb0342e87e58dee60ae97f00b75e1da3a73e714f9c171cc36c0eaa564c59c266a46d36331646e2c8722483b9f1892e7679b61c87f38b312f508715f3107d23b86c9ee7b154fbda070627e5cdf075319cc2884cfd6c6a3494a99462b800ad083f8b724f4f62a4c6268d3a8fdd416eb1a010db898a3e1e9bd3db83c082b32df3f69331abef4efb300f609554b4fde35ac7ec8192f90c0a94e157bdf795db82f4749fdf195ef6178944bc3c98bc2fd2193a4bd2c554c83dcca1766f3f8dd4a747389cd0dcac9c084fd10542b5c16d3e97c4238597c69ee073d7434690605d6d0457b047763ebd2a0f47b16784496762c2baee93f61b5b3a81ee8976608263bc4c4b59cde1bf26444e12799947435ae2cc458f7306fe0f325b024d00a2c1a89f062f4359176ef4149199b718041e1c29bf7fca020b4fc8e19aed0a6af065f659b21bfd1b685f67b9e2ee343868a51dd3a5138f8b4b23147d1cdc96841c05018fec96c9a89c67fbd4b9b52717ad0f78cb6cd3309d7e727467e164e2e4d5571193c95c3bfefb1773722814a4cd1e16772df193cbba1f10e10ed0c3631d095132ac64f3924ffbcfac0c32439d372da30fcfe1c68dbd9b9e88c84454439c86f25a07e528f41987ff5eaaab1929c34be138aa277884a902388cd40a2e0ed5afa3e97adfd14608aecf2022221658f8c68f659fdf959ebbae7f385f55a2b42b1290631b9165988f6131bc7ef7548eae67259c8232efb69c5b4738bc9a08af5e58cc216e2d0705b68ce3302394f20eb435375529f81e0d0ed4f1378b75cdea703598be18e95a9dabe57907920725da066ba7e4b4403569ea9da0d1b714ca94ae0a77e80e34a016d273c97be36327b60584c3531f3393c54af8287f08a825c3c17de9593b22014076d084b967306389669ed6e0300a43124876fea2b491889bbab03e939ae66e22b37b741ccb15e6fb48db09d67439377bdf3d5829e0a0ebd80fef3e5017ff7d48cd0d0e435efed19ec379d8610ba7f5f48d93b60dea8e76acea460f0f3c90baaa30984133bcd36ab3639aad873442bc62d901aac9b50389d4408ea2125a146f74a81a9486b1a411ef5cd732628c55ed485de4397f89207dc3be2c4bdcd3cadfc08338f75f888d9f5b552fb60ab922409cad7d1bd3a40ae8389f2492a46971a865833d822b46c327356eb99d0b80d3d7fe93c730b38980909c4a98df54210faa035b99c3f52fc98e63dbf1555aa453c4131dc072fbc6f5b02868d73d62694e76ecdca9ec4d10925f3dc7ef8a0308aaec034bb6a96654443ace89dc9520925c076e8a97eeb885a2d5b0f46fde1248be75f97de68ff12997ac6b074dec89c30b02d00837293ce3a5c7f3850f67f9bcfb300ab73f717624b3e1c6742a8b6c3a67e3f4ffa5173835ff3333bb00bd3d00d06c74c941895004803687bcc4dd49ec27d4fc5ea8ada70c0890b101f39e620420a22d1046936cdb15e7be665f214a57b55a06c05d32d41a924a311faf64e5f44c5f88c2cbb5cb59a69c74fb090930da9a78593b7cad3e05ca53d10f1e8a22740f006403f275e180e9874247ff2cb89cf66c675fd573bfaaee0f3ef37025619710b6366e92d2708f2868eccca812c377ab697aa00100a690c8f4645d902c575a875b75b1dde167b2ee7cdf63609da2fc634887f8b4ce4b7d7a2e413a21b14970d7b5f1fc3b7995cd503783cb6c47dc56f8c5486d47626364415db1efcaa10bbd56d04dd820b621e5096999616e68932bbe3ba6eb4bf8e8a6884d58554b0acb767d8a3c6bee47dbd9be9afdf3f9a458136ef31fe04d5e4465eb8b8f52b69b41731393a439b6d29e57e7e090a04043a66171796f2a1e89f26baca4bb384eb03ce24db9e7aa866b1d52913f34771eaea176bef6801113ff72aec45a000f98804d8396fd415ad64662318fae945fb130e446e373b88ea8792795a2c8d4198a61b90e8a3eca4b8944fcd018b1cd6b3f5d093c66d1496f55e25b0e2e73ce0c82a2dbf5c84816f7cbd4a4a178f18398e04485d902ecdeb34409283ada13eb88f06c2e76d451ec4f296847cc0e0668ea1975e2491adb018bc020a95f4bb4138520b6ec201b1be308e03329691479b6892d3d1a4a2433bcf7b46dc6c434473178fb71614e07c1876d94b25d2ce156c724ea7bad177ddc04c45aa6dd7ebf7f8f5dc20bfd0689587106703e87ec124682dd3f405e5c75f3abeb52f3b6341feb75a0184a0091918c30aeab94aea64d6318d5b3aaea94d632a98cc1be911c95d4fa45345bbf71d323bfd19a740402e54c16c4ecd27c6558834bfa088d527ad240a097ee133504e90083ff1205443d7d513f334ac4b96e6880ff177e6d6f9f2a49d16cc01541558bff940525213c01aa937ed705c37d666e218383a4f9da7f055a00a21312c894d976e0c129259a01c21c6beab5a90914e33ba1b1c2d91335db4d09e91f7b0cf30f4149946e30afc1c83880bb97e43e978985bbe41986d3f26d78c756b57487919599e58ad92c20b54113ba9206ae7dc4968fba4c2bd02fc74b3280e8e633ec74cd6fd8404de0642db6333afb95ae52e5dbd1c5b868e392c939c4365d8e4afda52cc3cbcc9184d8cfada94cd408ab65becd38777ca7843b36f3a5c863e08f21682f02ae97d49d985fa783d8e3e98c6f1e74f313fd3feee9ef8e64aecd602e559008fccd02cca6d53a6b72f0f0db8474b68e583aa2891470f0d238897df377b70728402b85729bc000ce6ec0f01b619c005c0c00b80497c0005baaa3175753470453bf8c59da073b6a1da9a9b1d2f759ac0881f5994a40bb3cdaa635e64c6eb78343ad873af6bfb93bf798a8393628a773d448b09f86c94ece459635036e73da06ef908d77c8be385cf3e101b79b4b4d9a7e645d29940166fac92c9cab0e2525421672ded3a4739c3dddb41c9a6ec87cf75fdefb9860e74fbfe1c9c85bb281ce6df1beeaa5fb924ca732f04d538a988521e8d9cb803a68491d16df22485579f96d8044960c2ef4b11c8dbacab2df8d96af4423d6f94ea21c47cf36d19affd692f876e5f9843bb7cafc360141ee1dbe8adb93a4e8200682daf515d123093aec261632bef6e63727cabe53fb0e4d28de0c8d39d1dcfd4413b855d5c8a3f54bcad36f340bedab2c08aaa54c627f8ff9d3b89f97afa984e72c821daabe3197d5180c42bc8c81179e8e8e389e09d970ab05dd101442c50598664ee385c905685e877e3373684dd5c0c2caf961c46d4ac6ebea483863242271a32d3da6f49324da53d027016f35765f2e03391725075254074a088dc83491bcc7a9678ad79d3c157bcb7c48996359d910b917e86285504ff11957f3bda2f43cdf84aa200a46f2d8122a1acbce64a4bc5b1d8a20c16128e6d34e9ffd3a80c1dc5ecc0c4f1ea3a0e6bc02640f2c7424e9a2dfc27b0a32774942cc6eca4cae5267de7104b07c6ec0290b63a7af6f6179a4df4288ae62b53bb4a0aae35eba2bae6a626ebe641c5eeecc4a463b8fe879a18adc636fd9aebc9d81bae9485248091d8a05e82919fb3fdfbe4f63b19c64b2663bcc66ed909baf1d2c59ce8a9ae72f0a2c1f8f60611787cce8620cf5603fd8479158671d4246b910d9ea87ca4f8410527d80c3169414dbc49e0df04df7b4cd0e39bd0d4ad750b6762c340fd8b906f87fc71a6adddf4d1b53c11b8a8db614f32b51760391002300c354ccff9fc50938fa1327df0eae2d65e3d42a07f8f871256ba2652c789b31c1e23e15bc988f18f7f8a62345e6b6cd7c7f5e1c256502dc1e3535789c99b06bb9027963b352330ab4d50c2962b19c3365e4f917b0be1da4e2a9e4a485b3f50dcff958ae2d4c816aefabe1fdfc6957c0ab0aa5ae0e2b37e4b65a932b8eec692edf2e6c62e99a5f56e1b853971432a6bb49ac7414a3603e5bdc44c554f22e2a5bd94d9e492b07667484c8e916b18cbeb394e9f94260013991cd6631e6ddd35b7f64a0aaf4ef46d74d2d1c5b49ae3ce5f64bf4ebbd59bbd62d2f4c5b18361f8913a4c5a8569d87fd9149a43abbdaa7f918e88b8e2876bc653a1e970e4542f8e7a8cdc6699e3baed08b1a9b91a059896a059b6f4ad2f0630802ef09bcde1140c31b683ccfce72306c2ca3a70edfa2d36d2e669c461e4cbe07b48f4726a95c6d1bce1fd076a824b32d376ddb0cdee017615d97ce7e34d00bfba6649de5c5315b241193b5e6126fa46bb0a92f79695ea5ce4c00a80b72c8e91ae60fabf70f882d2ac8f991ddf43e0b65c8a692a95f27de0b0cdfb5ea6ec6f8b6c37bcb6b23699f3cd92282ff30737dacecae34134659b29a991c0258f1e0da66d7fe29a83b9f5fef73ef498a9435bebb653037c8909531ffba5e30faf1207f2f40feb7e8ceb987eb9293cdafc505ac03ef3ab9424341400ac8e363150c1829fcb007757091a96b43a82614d55cb301a394443aa68da5b4106f75b62866939beea8d2bbe3f8bdabd013266559d29d3fe728655c9a8ff4b5659ee0063ab00c69e5292add640c1a8a24139482c055e6f5b4f024465181872baa2721e0ec0125dac82062cf41007ff03a7220ec9b7dc49505349087b5c4d3ef789a0577dfee1b6825912c5b94a5d1e9e7803e4ecdc81b580202eea5cf4ce63eeaa73847be035940d783fdec0b35f8e849b41f49199dc0fa037ba887f4cde4f5d2a2ce2baaaffe91229f8692e8990a5eb06a8264b0864e72354673d0179494e7109a7e94f798cf6da371bfd353578d0e50cee8ca93e48b8fd610f9425f0cf15033354f07d253353407d024001e44617babe41671ac30137eae7178e08c221e682ee8821f67456deca360fa862174510123751010bb07bd6ad91bc52e05923593a22c180212a38e735d1664b074c0af8dc90a64885cd847fa0b3edd55993eb413931caf22bb47025c3fd397328ba47a7ed467ed8b7f17a00665e2bbf46faa99e9f5c5e17bbf8bd0dca7e43e5d55d70596fae0c6c536421e779", 0x1000, 0x5}, {&(0x7f00000013c0)="f084e1c745d0a76131c815a155f1ba9f20d0a77aeffd2b68688455f0abafb4d6a45d1829d7df9a9cc9068198e5d261919177658a43e1a446a51cbbf0ffc374ec89ab1129dd7797f596844f27aef9fb1bfa00a3c5c8935a425365a0459228b25981b2084c3395aed425341ec5475b89c3e2955c83e3855d0d220a604375667f70c04b7e66f739d0a7a469cab112c1b820ddc0e321", 0x94, 0x1}, {&(0x7f0000001480)="8c316c6a650bb81a60b11eb86ecbbc7c3bdfcbf1a213635e9c7d7285f825297dfa6f3b610aa46bc7d7994750234ba02a44df732a9f7cbb921747", 0x3a}], 0x2800010, &(0x7f0000001580)=ANY=[@ANYBLOB="e76865636b3d72656c617865642c636865636b3d72656c61786564a6996f6a6f6c6965742c75746638340c7ab92c6d61703d61636f726e2c63727566742c6e6f6a6f6c6965742c666f77", @ANYRESDEC=0xee01, @ANYBLOB=',func=MODULE_CHECK,\x00'])
ioctl$AUTOFS_IOC_ASKUMOUNT(r1, 0x80049370, &(0x7f0000001600))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2255.522094] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2255.537235] syz-executor.1: attempt to access beyond end of device
[ 2255.537235] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2255.539008] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:46:03 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:03 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:03 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x0, '\x00', 0x1, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:03 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:03 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:03 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x0, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:03 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2271.874678] loop7: detected capacity change from 0 to 40
[ 2271.881201] loop1: detected capacity change from 0 to 40
[ 2271.899326] loop2: detected capacity change from 0 to 40
[ 2272.036816] syz-executor.7: attempt to access beyond end of device
[ 2272.036816] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2272.038202] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2272.082440] syz-executor.1: attempt to access beyond end of device
[ 2272.082440] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2272.084035] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:46:04 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:04 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2272.383246] loop1: detected capacity change from 0 to 40
[ 2272.424899] loop7: detected capacity change from 0 to 40
[ 2272.460658] syz-executor.1: attempt to access beyond end of device
[ 2272.460658] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2272.461954] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:46:04 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:04 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2272.586597] syz-executor.7: attempt to access beyond end of device
[ 2272.586597] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2272.587583] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:46:20 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:20 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x0, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2288.901846] loop1: detected capacity change from 0 to 40
[ 2288.907360] loop7: detected capacity change from 0 to 40
[ 2288.925712] loop2: detected capacity change from 0 to 40
[ 2289.051326] syz-executor.1: attempt to access beyond end of device
[ 2289.051326] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.052617] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2289.054143] syz-executor.7: attempt to access beyond end of device
[ 2289.054143] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.055670] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:46:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2289.206963] syz-executor.2: attempt to access beyond end of device
[ 2289.206963] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.208401] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2289.233147] loop1: detected capacity change from 0 to 40
11:46:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2289.324576] syz-executor.1: attempt to access beyond end of device
[ 2289.324576] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.325855] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:46:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2289.409606] loop7: detected capacity change from 0 to 40
[ 2289.553972] loop2: detected capacity change from 0 to 40
[ 2289.583815] loop1: detected capacity change from 0 to 40
11:46:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2289.662557] syz-executor.7: attempt to access beyond end of device
[ 2289.662557] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.663913] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2289.771040] syz-executor.2: attempt to access beyond end of device
[ 2289.771040] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.772914] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:46:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2289.877608] syz-executor.1: attempt to access beyond end of device
[ 2289.877608] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2289.879040] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:46:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2290.058550] loop2: detected capacity change from 0 to 40
[ 2290.324533] syz-executor.2: attempt to access beyond end of device
[ 2290.324533] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2290.326115] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:46:38 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = fork()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
waitid(0x1, r3, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x3f, 0x7, 0x7d, 0x9, 0x0, 0x1ff, 0x42c21, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x40, 0xff}, 0x420f5, 0xffffffffffffffb2, 0x1, 0x3, 0x5, 0x80000000, 0xffe, 0x0, 0x1000, 0x0, 0x6effb98e}, r3, 0xa, r2, 0x3)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:46:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:38 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x0, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:38 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:38 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:38 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:38 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2306.404701] loop7: detected capacity change from 0 to 40
[ 2306.420860] loop1: detected capacity change from 0 to 40
[ 2306.428212] loop2: detected capacity change from 0 to 40
[ 2306.483946] syz-executor.7: attempt to access beyond end of device
[ 2306.483946] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2306.485395] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:46:38 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:38 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2306.671937] loop7: detected capacity change from 0 to 40
[ 2306.700405] syz-executor.1: attempt to access beyond end of device
[ 2306.700405] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2306.702327] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2306.720381] syz-executor.2: attempt to access beyond end of device
[ 2306.720381] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2306.721803] Buffer I/O error on dev loop2, logical block 10, lost async page write
11:46:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:38 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r0, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r1, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:46:38 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2306.888233] loop1: detected capacity change from 0 to 40
[ 2306.910291] syz-executor.7: attempt to access beyond end of device
[ 2306.910291] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2306.911677] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2307.044364] syz-executor.1: attempt to access beyond end of device
[ 2307.044364] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2307.045871] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:46:39 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2307.157852] loop7: detected capacity change from 0 to 40
[ 2307.230095] syz-executor.7: attempt to access beyond end of device
[ 2307.230095] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2307.231101] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:46:39 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:39 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="012000000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000180), 0x80000000, 0x80000)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

[ 2307.294628] loop1: detected capacity change from 0 to 40
11:46:55 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:55 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:55 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:46:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:46:55 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="012000000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000180), 0x80000000, 0x80000)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r5)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

11:46:55 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r2=>0x0)
process_vm_writev(r2, &(0x7f0000000500)=[{&(0x7f0000000300)=""/164, 0xa4}, {&(0x7f00000003c0)=""/13, 0xd}, {&(0x7f0000000480)=""/128, 0x80}, {&(0x7f0000000400)=""/58, 0x3a}], 0x4, &(0x7f0000001780)=[{&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/39, 0x27}, {&(0x7f0000001580)=""/121, 0x79}, {&(0x7f0000001600)=""/99, 0x63}, {&(0x7f0000001680)=""/254, 0xfe}], 0x5, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x2, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
getpid()
clock_gettime(0x0, &(0x7f00000018c0)={<r5=>0x0, <r6=>0x0})
rt_sigtimedwait(&(0x7f0000001800)={[0x100000001]}, &(0x7f0000001840), &(0x7f0000001900)={r5, r6+10000000}, 0x8)

11:46:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2323.697756] loop1: detected capacity change from 0 to 40
[ 2323.701559] loop7: detected capacity change from 0 to 40
[ 2323.857351] syz-executor.7: attempt to access beyond end of device
[ 2323.857351] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2323.858671] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:46:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:46:55 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2324.102124] loop1: detected capacity change from 0 to 40
11:46:56 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ptrace$setopts(0x4206, r0, 0x60faa301, 0x61)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)

[ 2324.203612] loop7: detected capacity change from 0 to 40
11:46:56 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ptrace$setopts(0x4206, r0, 0x60faa301, 0x61)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)

11:46:56 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_getparam(r0, &(0x7f0000000000))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2324.365521] syz-executor.7: attempt to access beyond end of device
[ 2324.365521] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2324.367082] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:13 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_getparam(r0, &(0x7f0000000000))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:47:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:47:13 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = fork()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
waitid(0x1, r3, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
waitid(0x2, r3, &(0x7f0000000300), 0x80000000, &(0x7f0000000380))
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:47:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:13 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r3 = fork()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
waitid(0x1, r3, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
waitid(0x2, r3, &(0x7f0000000300), 0x80000000, &(0x7f0000000380))
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

[ 2341.927588] loop1: detected capacity change from 0 to 40
[ 2341.931586] loop7: detected capacity change from 0 to 40
11:47:13 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:47:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2342.052649] syz-executor.7: attempt to access beyond end of device
[ 2342.052649] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2342.054063] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:47:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2342.248510] loop1: detected capacity change from 0 to 40
11:47:14 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x5)
r3 = fork()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
waitid(0x1, r3, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
waitid(0x0, r3, &(0x7f0000000300), 0x1, &(0x7f0000000380))
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
fremovexattr(r2, &(0x7f0000000180)=@random={'trusted.', '/l\x00'})

11:47:14 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r2, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$CDROMSTART(r2, 0x5308)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYRESDEC, @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f0000000180)={r4, 0x2, 0x4, 0x5})
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

[ 2342.354790] loop7: detected capacity change from 0 to 40
11:47:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2342.517248] syz-executor.7: attempt to access beyond end of device
[ 2342.517248] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2342.519097] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:14 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
sched_getparam(r0, &(0x7f0000000000))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2342.735049] loop1: detected capacity change from 0 to 40
11:47:14 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r1 = syz_open_dev$vcsn(&(0x7f0000000140), 0x9, 0x40002)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x8, 0x11, 0x2, 0x8, 0x0, 0xb76, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x3, @perf_config_ext={0x5, 0x8}, 0x448, 0x8, 0x3, 0x0, 0xd3bc, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfe}, r0, 0xe, r1, 0x1)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:47:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2343.099971] loop1: detected capacity change from 0 to 40
11:47:31 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r2, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
ioctl$CDROMSTART(r2, 0x5308)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYRESDEC, @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f0000000180)={r4, 0x2, 0x4, 0x5})
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:47:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:47:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:31 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r1 = syz_open_dev$vcsn(&(0x7f0000000140), 0x9, 0x40002)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x8, 0x11, 0x2, 0x8, 0x0, 0xb76, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x3, @perf_config_ext={0x5, 0x8}, 0x448, 0x8, 0x3, 0x0, 0xd3bc, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfe}, r0, 0xe, r1, 0x1)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2359.177932] loop7: detected capacity change from 0 to 40
11:47:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:47:31 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x204, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_config_ext={0x7, 0x80000001}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x6, 0x7, 0x80, 0x8, 0x0, 0x601, 0x100, 0xc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfffff9be, 0x0, @perf_bp={&(0x7f0000000180), 0xd}, 0x40180, 0x1, 0xffffffff, 0x1, 0x7, 0x1, 0xfffd, 0x0, 0xfffffffc, 0x0, 0xb14}, 0xffffffffffffffff, 0x1, r0, 0x3)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
perf_event_open(&(0x7f0000000480)={0x3, 0x80, 0x7f, 0x81, 0x40, 0x1, 0x0, 0xffffffffffffbcc6, 0x200, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x101, 0x2, @perf_bp={&(0x7f0000000200)}, 0x80, 0x2e6, 0x8, 0x0, 0x1, 0x7ff, 0x9, 0x0, 0x3ff, 0x0, 0x43154a03}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="9800ed000cf91ce239c0ee22bfe5b98294c0a83df6d68e53349e29fb2e54b68616eb5c8913c230b6734374c9468136b1d8e21930911c65f8704cf134ac48e276e0e0be4a2f6d11efbbf33d7052f559750c74b307000000000000001abf3b709bbd69166f7b447ee5eb9af8f5881eb7bae5968403aab92e8949ac128ea60611", @ANYRES16, @ANYBLOB="010000000000000000003b0000000800f90e663e3a4d7d487beda5798c03d8994313f66aedde64f7cb00", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
inotify_init()
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast1, 0x4}, 0x1c)
ioctl$BTRFS_IOC_QUOTA_CTL(r4, 0xc0109428, &(0x7f0000000100)={0x2, 0x4})
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[])
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000001680)={r3, 0x0, 0x2})

11:47:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2359.220177] loop1: detected capacity change from 0 to 40
[ 2359.287398] syz-executor.7: attempt to access beyond end of device
[ 2359.287398] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2359.288389] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:31 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={<r2=>0x0}, &(0x7f0000000180)=0xc)
r3 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r3, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp(r0, r2, 0x4, r3, r1)
process_vm_writev(r2, &(0x7f0000000b40)=[{&(0x7f0000000580)=""/176, 0xb0}, {&(0x7f0000000640)=""/59, 0x3b}, {&(0x7f0000000680)=""/83, 0x53}, {&(0x7f0000000700)=""/241, 0xf1}, {&(0x7f0000000800)=""/197, 0xc5}, {&(0x7f0000000900)=""/44, 0x2c}, {&(0x7f0000000940)=""/247, 0xf7}, {&(0x7f0000000a40)=""/105, 0x69}, {&(0x7f0000000ac0)=""/73, 0x49}], 0x9, &(0x7f0000002040)=[{&(0x7f0000000c00)=""/8, 0x8}, {&(0x7f0000000c40)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/98, 0x62}, {&(0x7f0000001cc0)=""/249, 0xf9}, {&(0x7f0000001dc0)=""/193, 0xc1}, {&(0x7f0000001ec0)=""/18, 0x12}, {&(0x7f0000001f00)=""/78, 0x4e}, {&(0x7f0000001f80)=""/150, 0x96}], 0x8, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nf_conntrack_irc', 0x280000, 0xd)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r4)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000540)={&(0x7f00000001c0), 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x1fc, r5, 0x800, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4a}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x105, 0x80, [@ext_channel_switch={0x3c, 0x4, {0x1, 0x1f, 0xb6, 0x2}}, @prep={0x83, 0x25, @ext={{}, 0x81, 0x7, @broadcast, 0x1, @broadcast, 0x7, 0xc30, @device_b, 0x5}}, @mic={0x8c, 0x10, {0x6fe, "d61de37ffcc5", @short="dc78071bbcf1294c"}}, @link_id={0x65, 0x12, {@random="af080f989736", @device_b, @device_b}}, @sec_chan_ofs={0x3e, 0x1, 0x7f}, @perr={0x84, 0xa3, {0x9, 0xb, [@not_ext={{}, @device_a, 0x6a1, "", 0x21}, @not_ext={{}, @broadcast, 0xf8, "", 0x11}, @ext={{}, @device_b, 0x60, @broadcast, 0x33}, @not_ext={{}, @device_a, 0x1, "", 0x1c}, @not_ext={{}, @device_a, 0x28, "", 0xc}, @ext={{}, @device_a, 0x10000, @broadcast, 0x1d}, @not_ext={{}, @device_b, 0xfffffff8, "", 0x2e}, @not_ext={{}, @device_a, 0x7, "", 0x1a}, @not_ext={{}, @broadcast, 0x400, "", 0xc}, @not_ext={{}, @device_a, 0x3, "", 0x6}, @ext={{}, @device_b, 0x6, @device_a, 0x29}]}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x1, 0x28}}]}, @NL80211_ATTR_BEACON_HEAD={0xd4, 0xe, {@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x8}, @device_a, @device_b, @from_mac, {0x8, 0x6e2}}, @ver_80211n={0x0, 0x1, 0x3, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, 0x7ff, @default, 0x400, @void, @val={0x1, 0x8, [{0x1b, 0x1}, {0x9, 0x1}, {0xb, 0x1}, {0x5}, {0x12, 0x1}, {0x5, 0x1}, {0xc, 0x1}, {0x4a}]}, @void, @val={0x4, 0x6, {0x8, 0x7, 0x80, 0x8000}}, @val={0x6, 0x2, 0x4}, @val={0x5, 0x6c, {0x3f, 0x54, 0x20, "15c15547500e86423f3c2765e8661374f285629c22e25efe0cd180fa1d0fb6951e65a923812cfc06634253ce67c54306d12ac2e5f632bd34cc02b8aa87709783b54a758883e1ea7c58021374a5947478e586bcef98d05d28bb994a8f69ba842997d1ac59f418c7a623"}}, @void, @void, @void, @val={0x2d, 0x1a, {0x8, 0x1, 0x0, 0x0, {0x10001, 0x0, 0x0, 0x6, 0x0, 0x1, 0x1, 0x1}, 0x300, 0x0, 0x40}}, @val={0x72, 0x6}, @void, @void}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x28095}, 0x80)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r6)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r4, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r7=>r4, {0x6, 0xfff}}, './file0\x00'})
sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000002440)={&(0x7f0000002300), 0xc, &(0x7f0000002400)={&(0x7f0000002340)={0xac, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x74, 0x71}}}}, [@NL80211_ATTR_IE={0x5b, 0x2a, [@link_id={0x65, 0x12, {@random="92b0b80c2193"}}, @erp={0x2a, 0x1, {0x1, 0x1}}, @ibss={0x6, 0x2, 0x1000}, @prep={0x83, 0x1f, @not_ext={{}, 0x9, 0x6, @device_b, 0x2, "", 0x9, 0x6ddb, @device_b, 0x2}}, @cf={0x4, 0x6, {0x9, 0x0, 0x101, 0x1ff}}, @channel_switch={0x25, 0x3, {0x1, 0xa1, 0x1}}, @chsw_timing={0x68, 0x4, {0x3, 0xff}}, @gcr_ga={0xbd, 0x6}]}, @NL80211_ATTR_IE={0x9, 0x2a, [@channel_switch={0x25, 0x3, {0x1, 0xa1, 0xaa}}]}, @NL80211_ATTR_IE={0x12, 0x2a, [@gcr_ga={0xbd, 0x6, @device_b}, @chsw_timing={0x68, 0x4, {0x20, 0x3ff}}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xe6fb}]}, 0xac}, 0x1, 0x0, 0x0, 0xc0}, 0x4000001)
ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, 0xa)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000002100), r7)
sendmsg$TIPC_NL_MON_PEER_GET(r7, &(0x7f00000022c0)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002280)={&(0x7f0000002140)={0x12c, r8, 0x4, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x13, 0x1, @l2={'eth', 0x3a, 'ip6gretap0\x00'}}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffff9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x40}]}, @TIPC_NLA_BEARER={0x74, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'wlan0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x60000, @private0, 0x296f7ff2}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}}}}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8c}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER={0x4}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4008000}, 0x1)

11:47:31 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2359.502199] loop1: detected capacity change from 0 to 40
[ 2359.590161] loop7: detected capacity change from 0 to 40
11:47:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:47:31 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r1 = syz_open_dev$vcsn(&(0x7f0000000140), 0x9, 0x40002)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x8, 0x11, 0x2, 0x8, 0x0, 0xb76, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x3, @perf_config_ext={0x5, 0x8}, 0x448, 0x8, 0x3, 0x0, 0xd3bc, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfe}, r0, 0xe, r1, 0x1)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

[ 2359.702626] syz-executor.7: attempt to access beyond end of device
[ 2359.702626] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2359.703729] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2359.779808] loop7: detected capacity change from 0 to 40
[ 2359.788689] loop1: detected capacity change from 0 to 40
[ 2359.811633] syz-executor.7: attempt to access beyond end of device
[ 2359.811633] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2359.812787] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:31 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000180))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

[ 2359.913620] loop7: detected capacity change from 0 to 40
[ 2359.965410] syz-executor.7: attempt to access beyond end of device
[ 2359.965410] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2359.966464] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2359.980679] syz-executor.1: attempt to access beyond end of device
[ 2359.980679] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2359.982229] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:47:47 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = fork()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
waitid(0x1, r0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r1 = syz_open_dev$vcsn(&(0x7f0000000140), 0x9, 0x40002)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x8, 0x11, 0x2, 0x8, 0x0, 0xb76, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1f, 0x3, @perf_config_ext={0x5, 0x8}, 0x448, 0x8, 0x3, 0x0, 0xd3bc, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfe}, r0, 0xe, r1, 0x1)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:47:47 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:47 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:47:47 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000180))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

11:47:47 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:47:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:47:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2375.206989] loop1: detected capacity change from 0 to 40
[ 2375.208045] loop7: detected capacity change from 0 to 40
[ 2375.342547] syz-executor.7: attempt to access beyond end of device
[ 2375.342547] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2375.344364] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:47:47 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000180))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)

[ 2375.438394] syz-executor.1: attempt to access beyond end of device
[ 2375.438394] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2375.440155] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:47:47 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2375.583401] loop7: detected capacity change from 0 to 40
[ 2375.669524] syz-executor.7: attempt to access beyond end of device
[ 2375.669524] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2375.671370] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:48:05 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x1ffffffffffffffc}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(r0, 0x7, &(0x7f0000000000)={0x0, 0xffffffffffffffff}, &(0x7f0000000040))
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:48:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:48:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:05 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:48:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x28, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2393.591080] loop1: detected capacity change from 0 to 40
[ 2393.616484] loop7: detected capacity change from 0 to 40
[ 2393.748123] syz-executor.1: attempt to access beyond end of device
[ 2393.748123] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2393.749747] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:48:05 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
gettid()
ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000180)={0x6, 0x4b, 0x9, 0x4, 0xb92e})
ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000300)={0x0, <r4=>0x0})
waitid(0x2, r4, &(0x7f0000000340), 0x20000000, &(0x7f0000000480))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:48:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2393.961117] loop7: detected capacity change from 0 to 40
11:48:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380))
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2394.018788] loop1: detected capacity change from 0 to 40
11:48:06 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
waitid(0x1, 0x0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000300), 0x263f, 0x40)
r4 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r4, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r0, &(0x7f0000000340)={r3, r4, 0x1})
prctl$PR_SET_PTRACER(0x59616d61, r1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="980000009dbfc8589820a967bcdab21c4e98412f811a37b77300000000fd", @ANYRES16, @ANYBLOB="01000000000000001e003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

11:48:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:06 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
sendmsg$nl_netfilter(r4, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x1a0, 0x1, 0xb, 0x0, 0x70bd26, 0x25dfdbff, {0x3, 0x0, 0x5}, [@generic="534e5e13f211b74b8f8be9d5adc63e5c03e7d6e92d9d828b44211e06b6c99f3ed20f05e90819399bfdb27a275a4299bbdd80c3b67fcc57f1b01d42915a9d68a375db8d8f35f03e6c4707332ad9c92b5e4b0db7ac2f5a02b6be6f5558ac182664e08837d6a8969193192f82927ed07fbf024013674c61b701c57f545d66a65bb8394228f24e38e0e79d9436e674d86895365b73360b3be2490b04c4f99a72e896fdf8203bab71512da8a3e0c083f8dfb503681fc33d1696af7ab75be7ebea538b129d8658171ed9b0e216407fd1b6631ad59a6352a1f4e7b586b245de34f7f6958d1298f01ac86d2682e03fb1359b30522a9e9e56", @generic="deeb96b3f2ff69e5d5faeacbbfd8e6718d291ea92288e198a5e0c487a7667edadd882fe09847f9e52b5e1c75c4f712ae10c331801fb116420d1b835886edc366762ceb57f06bc891ae30e5173ff09ca6226e3bdbbe2202c991de0f550654258520ea9f2433b4d2b8606996d24ff8ada0b38ab9af27db5c177a3bbfa0995a8ce70eed517c4289622cd9e56e4cfee4cfb769b59c45e1b96e", @generic]}, 0x1b}, 0x1, 0x0, 0x0, 0x1010}, 0x40085)
r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x10080, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r2)

[ 2394.252268] syz-executor.1: attempt to access beyond end of device
[ 2394.252268] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2394.253584] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2394.325218] loop7: detected capacity change from 0 to 40
11:48:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:06 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
waitid(0x1, 0x0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000300), 0x263f, 0x40)
r4 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r4, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r0, &(0x7f0000000340)={r3, r4, 0x1})
prctl$PR_SET_PTRACER(0x59616d61, r1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="980000009dbfc8589820a967bcdab21c4e98412f811a37b77300000000fd", @ANYRES16, @ANYBLOB="01000000000000001e003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

[ 2394.504149] loop1: detected capacity change from 0 to 40
[ 2394.536203] syz-executor.1: attempt to access beyond end of device
[ 2394.536203] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2394.537571] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:48:21 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc6, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x6, 0x4, 0x4, 0x8, 0x0, 0x434, 0xaa410, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x1ff, 0x50}, 0x1000, 0x401, 0x0, 0x8, 0x0, 0x1, 0x9, 0x0, 0xffff, 0x0, 0x4}, r2, 0x10, r3, 0xa)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:48:21 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
waitid(0x1, 0x0, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000300), 0x263f, 0x40)
r4 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r4, 0x1, 0x0, 0xf, 0x0, 0x18)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r0, &(0x7f0000000340)={r3, r4, 0x1})
prctl$PR_SET_PTRACER(0x59616d61, r1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="980000009dbfc8589820a967bcdab21c4e98412f811a37b77300000000fd", @ANYRES16, @ANYBLOB="01000000000000001e003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)

11:48:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380))
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2409.861028] loop7: detected capacity change from 0 to 40
[ 2409.879897] loop1: detected capacity change from 0 to 40
11:48:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2410.180955] syz-executor.1: attempt to access beyond end of device
[ 2410.180955] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2410.182412] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2410.190029] loop7: detected capacity change from 0 to 40
11:48:22 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc6, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x6, 0x4, 0x4, 0x8, 0x0, 0x434, 0xaa410, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x1ff, 0x50}, 0x1000, 0x401, 0x0, 0x8, 0x0, 0x1, 0x9, 0x0, 0xffff, 0x0, 0x4}, r2, 0x10, r3, 0xa)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:48:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380))
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2410.517088] loop7: detected capacity change from 0 to 40
[ 2410.534664] loop1: detected capacity change from 0 to 40
11:48:22 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc6, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = gettid()
r2 = fork()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
waitid(0x1, r2, &(0x7f00000003c0), 0x3, &(0x7f0000000440))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='gid_map\x00')
pread64(r3, &(0x7f00000001c0)=""/253, 0xfd, 0x1)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x6, 0x4, 0x4, 0x8, 0x0, 0x434, 0xaa410, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_config_ext={0x1ff, 0x50}, 0x1000, 0x401, 0x0, 0x8, 0x0, 0x1, 0x9, 0x0, 0xffff, 0x0, 0x4}, r2, 0x10, r3, 0xa)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000000))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="00000023c9289b41291bd72a5af106010fe72c3370625cf21dc026a0d62f6303202344d18741f47a569bf2e0c0"], 0x98}}, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
r5 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r5)

11:48:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2410.717661] syz-executor.1: attempt to access beyond end of device
[ 2410.717661] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2410.719227] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:48:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2410.812247] loop7: detected capacity change from 0 to 40
11:48:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2410.965841] loop1: detected capacity change from 0 to 40
11:48:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2411.061907] syz-executor.1: attempt to access beyond end of device
[ 2411.061907] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2411.063508] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2411.117584] loop7: detected capacity change from 0 to 40
11:48:39 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:39 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:39 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:48:39 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
gettid()
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r1, 0x1, 0x0, 0xf, 0x0, 0x18)
fcntl$dupfd(r1, 0x406, r0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

11:48:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:39 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

[ 2427.379072] loop1: detected capacity change from 0 to 40
[ 2427.387984] loop7: detected capacity change from 0 to 40
[ 2427.503657] syz-executor.1: attempt to access beyond end of device
[ 2427.503657] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2427.505151] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:48:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x0, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:39 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2427.672496] loop1: detected capacity change from 0 to 40
[ 2427.734080] syz-executor.1: attempt to access beyond end of device
[ 2427.734080] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2427.735630] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:48:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x0, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:39 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:48:39 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2428.024415] loop7: detected capacity change from 0 to 40
11:48:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:56 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1)

11:48:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:48:56 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:48:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:48:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x0, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2444.690461] loop1: detected capacity change from 0 to 40
[ 2444.717539] loop7: detected capacity change from 0 to 40
11:48:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:56 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2)

[ 2444.907901] syz-executor.1: attempt to access beyond end of device
[ 2444.907901] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2444.909419] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 2444.973219] loop7: detected capacity change from 0 to 40
[ 2445.035165] syz-executor.7: attempt to access beyond end of device
[ 2445.035165] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2445.036559] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:48:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 3)

11:48:57 executing program 3:
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000040)={{0x2, 0x5}, 'port1\x00', 0x40, 0x800, 0xffff, 0x0, 0x6, 0x200, 0x9, 0x0, 0x6, 0x40})
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'netdevsim0\x00'})

11:48:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x0, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

[ 2445.188329] loop7: detected capacity change from 0 to 40
11:48:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 4)

11:48:57 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0)
perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00')
pread64(r0, &(0x7f0000000180)=""/16, 0x2f00, 0x76)
openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0)
getpgrp(0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x3ff}}, './file0\x00'})
ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000380)=@get={0x1, &(0x7f0000000480)=""/4091, 0x6})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$802154_raw(0xffffffffffffffff, &(0x7f00000003c0)={0x24, @none={0x0, 0xffff}}, 0x14)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @mcast1, 0x400}, 0x1c)

11:48:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:48:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:49:14 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/fscreate\x00')
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000040)=""/188, &(0x7f0000000100)=0xbc)
write$binfmt_script(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="2321202e2f0a59edb9300a29194c14bb938207285b52252ece3355f50a5bae46482695f028b20e0c3ed19cf8fd8564eb337c690b477c9eb6e8719132efbb4f44d3972d113b35"], 0xb)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000200)={0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}]})
fcntl$getflags(r1, 0x408)

11:49:14 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:49:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:49:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:49:14 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0)
perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00')
pread64(r0, &(0x7f0000000180)=""/16, 0x2f00, 0x76)
openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0)
getpgrp(0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x3ff}}, './file0\x00'})
ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000380)=@get={0x1, &(0x7f0000000480)=""/4091, 0x6})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$802154_raw(0xffffffffffffffff, &(0x7f00000003c0)={0x24, @none={0x0, 0xffff}}, 0x14)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @mcast1, 0x400}, 0x1c)

11:49:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x0, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:49:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:49:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2462.288164] loop7: detected capacity change from 0 to 40
[ 2462.292082] SELinux:  Context #! ./
[ 2462.292082] Yí¹0 is not valid (left unmapped).
[ 2462.305939] loop1: detected capacity change from 0 to 40
11:49:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2462.459072] syz-executor.7: attempt to access beyond end of device
[ 2462.459072] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2462.460512] Buffer I/O error on dev loop7, logical block 10, lost async page write
11:49:14 executing program 5:
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xb, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2020, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x0, 0x81, 0x6, 0x0, 0x0, 0x6397, 0x2cdb2, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000180), 0x1}, 0x0, 0xfffffffffffffff9, 0xff, 0x5, 0x4, 0x6, 0x20, 0x0, 0x80000001, 0x0, 0x7}, 0x0, 0x1, r0, 0x8)
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x20, 0xbd, 0x4, 0x7, 0x0, 0x3, 0x802a, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x800, 0x5, @perf_config_ext={0x7463, 0x4}, 0x8050, 0x9, 0x8000005, 0x8, 0x8, 0x1, 0x3, 0x0, 0x3, 0x0, 0x80000000}, 0x0, 0x5, 0xffffffffffffffff, 0x8)
write(r1, &(0x7f0000000400)="87f1be485d8dbd02810d6c86f72ee1d271258dc20a8a089acded57748e6ae0246d3261f0106893be175499a9e715c0831b3aea44774fca0a66a0aa4cedebff3b444d2b5dd515a76cba4aa1ef1a5f8c8ebfccfb5c4b9a5120f318a952d40c4b02d6928aa03f75a1da0ffa54a4c1f7a4596a51fe7e379aec7deb54c5", 0x7b)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x42)
pwritev(r2, &(0x7f0000000140)=[{&(0x7f0000000000)="f7", 0x1}], 0x1, 0x0, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1f, &(0x7f0000000000)=""/34, &(0x7f0000000040)=0x22)
syncfs(r3)
ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r4 = openat(0xffffffffffffffff, 0x0, 0x400000, 0x8)
kcmp(0x0, 0x0, 0x2, r4, 0xffffffffffffffff)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x40, 0x1, 0x5, 0x1, 0x0, 0x6, 0x1000, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2e2, 0x4, @perf_config_ext={0xe347, 0x5}, 0x8, 0x6, 0xff9a, 0x7, 0xb59, 0x39fb, 0x3, 0x0, 0x6, 0x0, 0x1}, 0x0, 0xb, r1, 0x2)
ioctl$PERF_EVENT_IOC_ID(r5, 0x80082407, &(0x7f0000000240))
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000070000f5000000b20200000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/28, @ANYRES32, @ANYBLOB="000000001f00"/28])

[ 2462.553469] syz-executor.1: attempt to access beyond end of device
[ 2462.553469] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2462.554945] Buffer I/O error on dev loop1, logical block 10, lost async page write
11:49:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:49:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x101042, 0x11)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x28, 0x3f7, 0x402, 0x70bd27, 0x25dfdbfb, {0x7, 0x7, './file0', './file0'}, ["", ""]}, 0x28}}, 0x4008043)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:49:30 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
syz_open_dev$vcsa(&(0x7f0000000080), 0x4, 0x1)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6ce45acb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)

11:49:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x0, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

11:49:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2478.379571] loop7: detected capacity change from 0 to 40
[ 2478.392161] loop1: detected capacity change from 0 to 40
11:49:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x0, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:49:30 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_complete(0x0)
recvmsg$unix(r0, &(0x7f0000000600)={&(0x7f0000000340)=@abs, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f00000003c0)=""/61, 0x3d}, {&(0x7f0000000480)=""/16, 0x10}], 0x3, &(0x7f00000001c0)=ANY=[], 0xe8}, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000640)=0x1)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000040)={0x0, 0x88b, 0x0, 0x0, 0x0, "425bb45816f822e6b8208f9a07eeec557d2e8f"})
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000001140)="11975a43dcd3ad912051513fc9654ddeea5893b8cfbba61a2ce44acba1e61e63a4ccb378062a1a3ffaadec89146928b7395f20536bfc376d6debfabdf501ee", 0x3f}], 0x1)
bind$packet(0xffffffffffffffff, &(0x7f0000005280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000200)={'syztnl1\x00', <r2=>0x0, 0x29, 0x1, 0x5, 0x40, 0x10, @empty, @ipv4={'\x00', '\xff\xff', @empty}, 0x10, 0x80, 0x100, 0x1000}})
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000700)={'sit0\x00', &(0x7f0000000680)={'syztnl1\x00', r2, 0x2f, 0x3f, 0x3, 0x5, 0x19, @empty, @mcast2, 0x700, 0x8, 0x7, 0x7}})
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000100)={0x6, 0x6, 0x7}, &(0x7f0000000140))
accept(0xffffffffffffffff, 0x0, 0x0)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000180)={0x8, 0x7, 0x8})

11:49:30 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000240))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r5}}, 0x370)

11:49:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xf)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000004480)={&(0x7f00000043c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000004440)={&(0x7f0000004400)={0x14, 0x5, 0x6, 0x5}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000040)={0x178, 0x0, 0x10, 0x70bd25, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x6, 0x4, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x3}}]}, 0x178}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
syz_io_uring_setup(0xaaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000380))
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000035c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="f8ffffffffffffff2e2f66696c653000"])
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r1=>0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r3=>0x0, <r4=>0x0, <r5=>0x0}, &(0x7f0000000140)=0xc)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
setresuid(0x0, r6, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r8=>0x0, <r9=>0x0})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)=ANY=[@ANYRES32=r7, @ANYRES32=r2, @ANYRES32=r5, @ANYRESHEX=r4, @ANYRES64, @ANYRESOCT=r8, @ANYRES64=r3, @ANYRES32=r9, @ANYRESOCT])
r10 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0xa1e0b2, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=loose,cache=mmap,version=9p2000.u,dfltgid=', @ANYRESHEX=r9, @ANYBLOB=',nodevmap,uid=', @ANYRESDEC=0x0, @ANYBLOB='l,\x00'])
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r10, 0x0)
close(r10)
syz_io_uring_setup(0xaaf, &(0x7f0000000200)={0x0, 0x0, 0xc, 0x0, 0x0, 0x0, r10}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000380))
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x4801)

11:49:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2478.487468] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 2478.487512] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] 
[ 2478.487547] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 2478.487586] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00
[ 2478.487605] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 22 prio class 2
[ 2478.488500] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.488569] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.488593] Buffer I/O error on dev sr0, logical block 0, async page read
[ 2478.488924] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.488950] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.488971] Buffer I/O error on dev sr0, logical block 1, async page read
[ 2478.489204] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.489228] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.489250] Buffer I/O error on dev sr0, logical block 2, async page read
[ 2478.489541] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.489566] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.489587] Buffer I/O error on dev sr0, logical block 3, async page read
[ 2478.489914] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.489938] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.489960] Buffer I/O error on dev sr0, logical block 4, async page read
[ 2478.490186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.490210] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.490230] Buffer I/O error on dev sr0, logical block 5, async page read
[ 2478.490451] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.490476] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.490497] Buffer I/O error on dev sr0, logical block 6, async page read
[ 2478.490767] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.490792] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.490813] Buffer I/O error on dev sr0, logical block 7, async page read
[ 2478.493275] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.493313] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2478.493335] Buffer I/O error on dev sr0, logical block 0, async page read
[ 2478.493560] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.493587] Buffer I/O error on dev sr0, logical block 1, async page read
[ 2478.494011] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.494269] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.494604] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.495205] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.496022] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.502451] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.503770] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.504020] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.505068] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.505310] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.505553] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.505939] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.506168] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.507986] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.508276] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.508532] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.508918] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.509159] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.509392] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.509632] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.509989] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.510230] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.510640] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.510919] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.511160] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.516480] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.518407] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.519015] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.519616] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.553175] ------------[ cut here ]------------
[ 2478.553237] kernfs_put: syz5/pids.events: released with incorrect active_ref 0
[ 2478.553320] WARNING: CPU: 0 PID: 17066 at fs/kernfs/dir.c:531 kernfs_put.part.0+0x433/0x540
[ 2478.555357] Modules linked in:
[ 2478.555372] CPU: 0 PID: 17066 Comm: kworker/0:0 Not tainted 5.19.0-rc5-next-20220706 #1
[ 2478.555390] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2478.555403] Workqueue: events kernfs_notify_workfn
[ 2478.555432] RIP: 0010:kernfs_put.part.0+0x433/0x540
[ 2478.555452] Code: 03 80 3c 18 00 0f 85 ea 00 00 00 4d 8b 7d 38 e8 53 fc a6 ff 48 8b 14 24 44 89 f1 4c 89 fe 48 c7 c7 e0 5b 72 84 e8 13 aa 6c 02 <0f> 0b e9 b9 fc ff ff 48 89 ef e8 0e b3 d9 ff e9 c1 fd ff ff e8 04
[ 2478.555467] RSP: 0018:ffff888045c07bd8 EFLAGS: 00010286
[ 2478.555482] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[ 2478.555493] RDX: ffff888045ce5040 RSI: ffffffff812bd348 RDI: ffffed1008b80f6d
[ 2478.555504] RBP: ffff88801b83f690 R08: 0000000000000005 R09: 0000000000000000
[ 2478.555514] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801b83f658
[ 2478.555524] R13: ffff888018994828 R14: 0000000000000000 R15: ffff888014b30f50
[ 2478.555537] FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 2478.555553] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2478.555565] CR2: 00007f5a914e69c8 CR3: 00000000230ba000 CR4: 0000000000350ef0
[ 2478.555575] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2478.555585] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2478.555595] Call Trace:
[ 2478.555601]  <TASK>
[ 2478.555616]  kernfs_put+0x42/0x50
[ 2478.555633]  kernfs_notify_workfn+0x417/0x560
[ 2478.555653]  ? lock_downgrade+0x6d0/0x6d0
[ 2478.555678]  ? kernfs_vma_page_mkwrite+0x230/0x230
[ 2478.555700]  ? lock_is_held_type+0xd7/0x130
[ 2478.555745]  process_one_work+0xa0f/0x1690
[ 2478.555778]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2478.555804]  ? rwlock_bug.part.0+0x90/0x90
[ 2478.555828]  ? ct_nmi_exit+0x119/0x1c0
[ 2478.555855]  worker_thread+0x637/0x1250
[ 2478.555888]  ? __kthread_parkme+0x15a/0x220
[ 2478.555948]  ? process_one_work+0x1690/0x1690
[ 2478.555971]  kthread+0x2ed/0x3a0
[ 2478.555988]  ? kthread_complete_and_exit+0x40/0x40
[ 2478.556010]  ret_from_fork+0x22/0x30
[ 2478.556045]  </TASK>
[ 2478.556051] irq event stamp: 182021
[ 2478.556058] hardirqs last  enabled at (182027): [<ffffffff812bc63e>] vprintk_emit+0x4fe/0x550
[ 2478.556082] hardirqs last disabled at (182032): [<ffffffff812bc5d5>] vprintk_emit+0x495/0x550
[ 2478.556105] softirqs last  enabled at (181782): [<ffffffff81168a63>] __irq_exit_rcu+0x113/0x170
[ 2478.556129] softirqs last disabled at (181751): [<ffffffff81168a63>] __irq_exit_rcu+0x113/0x170
[ 2478.556150] ---[ end trace 0000000000000000 ]---
[ 2478.556353] ==================================================================
[ 2478.556359] BUG: KASAN: use-after-free in llist_del_first+0x89/0xa0
[ 2478.556380] Read of size 8 at addr ffff88801b83f6d8 by task kworker/0:0/17066
[ 2478.556391] 
[ 2478.556395] CPU: 0 PID: 17066 Comm: kworker/0:0 Tainted: G        W          5.19.0-rc5-next-20220706 #1
[ 2478.556409] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2478.556420] Workqueue: events kernfs_notify_workfn
[ 2478.556435] Call Trace:
[ 2478.556439]  <TASK>
[ 2478.556443]  dump_stack_lvl+0x8b/0xb3
[ 2478.556465]  print_report.cold+0x5e/0x5e1
[ 2478.556487]  ? llist_del_first+0x89/0xa0
[ 2478.556505]  kasan_report+0xb1/0x1b0
[ 2478.556543]  ? llist_del_first+0x89/0xa0
[ 2478.556562]  llist_del_first+0x89/0xa0
[ 2478.556579]  kernfs_notify_workfn+0x78/0x560
[ 2478.556596]  ? lock_downgrade+0x6d0/0x6d0
[ 2478.556613]  ? kernfs_vma_page_mkwrite+0x230/0x230
[ 2478.556631]  ? lock_is_held_type+0xd7/0x130
[ 2478.556647]  process_one_work+0xa0f/0x1690
[ 2478.556668]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2478.556687]  ? rwlock_bug.part.0+0x90/0x90
[ 2478.556707]  ? ct_nmi_exit+0x119/0x1c0
[ 2478.556724]  worker_thread+0x637/0x1250
[ 2478.556744]  ? __kthread_parkme+0x15a/0x220
[ 2478.556758]  ? process_one_work+0x1690/0x1690
[ 2478.556776]  kthread+0x2ed/0x3a0
[ 2478.556790]  ? kthread_complete_and_exit+0x40/0x40
[ 2478.556807]  ret_from_fork+0x22/0x30
[ 2478.556826]  </TASK>
[ 2478.556830] 
[ 2478.556832] Allocated by task 3762:
[ 2478.556839]  kasan_save_stack+0x1e/0x40
[ 2478.556851]  __kasan_slab_alloc+0x66/0x80
[ 2478.556864]  kmem_cache_alloc+0x1b1/0x490
[ 2478.556876]  __kernfs_new_node+0xd4/0x8b0
[ 2478.556888]  kernfs_new_node+0x93/0x120
[ 2478.556901]  __kernfs_create_file+0x51/0x350
[ 2478.556916]  cgroup_addrm_files+0x3e2/0x9d0
[ 2478.556933]  css_populate_dir+0x19b/0x450
[ 2478.556948]  cgroup_apply_control_enable+0x3ae/0xa40
[ 2478.560305] syz-executor.7: attempt to access beyond end of device
[ 2478.560305] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2478.561431]  cgroup_mkdir+0x824/0x11f0
[ 2478.561452]  kernfs_iop_mkdir+0x149/0x1d0
[ 2478.561469]  vfs_mkdir+0x417/0x6a0
[ 2478.561489]  do_mkdirat+0x17b/0x2e0
[ 2478.561510]  __x64_sys_mkdir+0xf2/0x140
[ 2478.561531]  do_syscall_64+0x3b/0x90
[ 2478.561554]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 2478.561571] 
[ 2478.561574] Freed by task 17066:
[ 2478.561581]  kasan_save_stack+0x1e/0x40
[ 2478.561597]  kasan_set_track+0x21/0x30
[ 2478.562316] ------------[ cut here ]------------
[ 2478.562849]  kasan_set_free_info+0x20/0x30
[ 2478.562869]  __kasan_slab_free+0x108/0x190
[ 2478.562884]  kmem_cache_free+0xfb/0x600
[ 2478.564286] WARNING: CPU: 1 PID: 23622 at fs/kernfs/dir.c:504 kernfs_get.part.0+0x69/0x80
[ 2478.564936]  kernfs_put.part.0+0x2c7/0x540
[ 2478.565591] Modules linked in:
[ 2478.566206]  kernfs_put+0x42/0x50
[ 2478.566940] 
[ 2478.567454]  kernfs_notify_workfn+0x417/0x560
[ 2478.568106] CPU: 1 PID: 23622 Comm: syz-executor.7 Tainted: G        W          5.19.0-rc5-next-20220706 #1
[ 2478.568758]  process_one_work+0xa0f/0x1690
[ 2478.569391] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2478.569622]  worker_thread+0x637/0x1250
[ 2478.569836] RIP: 0010:kernfs_get.part.0+0x69/0x80
[ 2478.570126]  kthread+0x2ed/0x3a0
[ 2478.570524] Code: 31 ff 89 ee e8 a8 fd a6 ff 85 ed 74 18 e8 cf 00 a7 ff be 04 00 00 00 48 89 df e8 d2 ba d9 ff f0 ff 03 5b 5d c3 e8 b7 00 a7 ff <0f> 0b eb df 48 89 df e8 7b b7 d9 ff eb c6 66 0f 1f 84 00 00 00 00
[ 2478.570882]  ret_from_fork+0x22/0x30
[ 2478.571314] RSP: 0018:ffff88806cf09c80 EFLAGS: 00010046
[ 2478.571689] 
[ 2478.571694] The buggy address belongs to the object at ffff88801b83f658
[ 2478.571694]  which belongs to the cache kernfs_node_cache of size 168
[ 2478.572069] 
[ 2478.572484] The buggy address is located 128 bytes inside of
[ 2478.572484]  168-byte region [ffff88801b83f658, ffff88801b83f700)
[ 2478.572886] RAX: 0000000000000000 RBX: ffff88801b83f658 RCX: 0000000000000100
[ 2478.573222] 
[ 2478.573226] The buggy address belongs to the physical page:
[ 2478.573578] RDX: ffff888046fd3580 RSI: ffffffff819df849 RDI: 0000000000000005
[ 2478.573966] page:00000000a91903ae refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b83f
[ 2478.574374] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 2478.574683] flags: 0x100000000000200(slab|node=0|zone=1)
[ 2478.575126] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 2478.575479] raw: 0100000000000200 ffffea00010f3b00 dead000000000003 ffff8880080358c0
[ 2478.575693] R13: 1ffffffff0a01e40 R14: ffff88801b83f658 R15: ffff88800d9d3130
[ 2478.576015] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
[ 2478.576779] FS:  00007fdb26635700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 2478.577539] page dumped because: kasan: bad access detected
[ 2478.578345] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2478.579076] 
[ 2478.579080] Memory state around the buggy address:
[ 2478.579509] CR2: 00007f23ab7ed718 CR3: 000000004428e000 CR4: 0000000000350ee0
[ 2478.580159]  ffff88801b83f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2478.584825] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2478.585537]  ffff88801b83f600: 00 00 00 fc fc fc fc fc fc fc fc fa fb fb fb fb
[ 2478.585681] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2478.586507] >ffff88801b83f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2478.587498] Call Trace:
[ 2478.587922]                                                     ^
[ 2478.588173]  <IRQ>
[ 2478.588372]  ffff88801b83f700: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 2478.588786]  kernfs_get+0x1b/0x30
[ 2478.589149]  ffff88801b83f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 2478.589518]  kernfs_notify+0x180/0x350
[ 2478.589866] ==================================================================
[ 2478.590218]  cgroup_file_notify+0xf5/0x1a0
[ 2478.590737] Disabling lock debugging due to kernel taint
[ 2478.591013]  ? cgroup_file_notify+0x1a0/0x1a0
[ 2478.593739] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.594091]  call_timer_fn+0x17d/0x5f0
[ 2478.634895]  ? lockdep_hardirqs_on+0x79/0x100
[ 2478.635322]  ? msleep_interruptible+0x180/0x180
[ 2478.635755]  ? cgroup_file_notify+0x1a0/0x1a0
[ 2478.636186]  ? mark_lock.part.0+0xef/0x2f60
[ 2478.636629]  ? cgroup_file_notify+0x1a0/0x1a0
[ 2478.637048]  __run_timers.part.0+0x65e/0xa50
[ 2478.637454]  ? call_timer_fn+0x5f0/0x5f0
[ 2478.637823]  ? recalibrate_cpu_khz+0x10/0x10
[ 2478.638228]  ? ktime_get+0x153/0x1f0
[ 2478.638569]  run_timer_softirq+0xae/0x1a0
[ 2478.638959]  __do_softirq+0x1c8/0x8cc
[ 2478.639339]  __irq_exit_rcu+0x113/0x170
[ 2478.639698]  irq_exit_rcu+0x5/0x20
[ 2478.640040]  sysvec_apic_timer_interrupt+0x8e/0xc0
[ 2478.640497]  </IRQ>
[ 2478.640735]  <TASK>
[ 2478.640949]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2478.641433] RIP: 0010:console_emit_next_record.constprop.0+0x4c8/0x800
[ 2478.642024] Code: 83 e2 07 38 d0 7f 08 84 c0 0f 85 d5 02 00 00 88 5d 00 e8 db 3e 00 00 31 ff 4c 89 f6 e8 61 61 19 00 4d 85 f6 0f 85 76 01 00 00 <e8> 63 64 19 00 48 b8 00 00 00 00 00 fc ff df 48 03 04 24 48 c7 00
[ 2478.643647] RSP: 0018:ffff8880476269c0 EFLAGS: 00000202
[ 2478.644129] RAX: 00000000000017a7 RBX: 0000000000000001 RCX: ffffffff8128d13f
[ 2478.644827] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 2478.645482] RBP: ffff888047626b68 R08: 0000000000000001 R09: ffffffff86a6088f
[ 2478.646152] R10: fffffbfff0d4c111 R11: 0000000000000001 R12: 0000000000000001
[ 2478.646818] R13: ffffffff86dacba0 R14: 0000000000000200 R15: ffffffff854a01b8
[ 2478.647508]  ? mark_lock.part.0+0xef/0x2f60
[ 2478.647939]  ? devkmsg_read+0x730/0x730
[ 2478.648330]  ? irqentry_enter+0x26/0x50
[ 2478.648762]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 2478.649272]  ? __traceiter_irq_enable+0xa0/0xa0
[ 2478.649719]  console_unlock+0x36c/0x590
[ 2478.650111]  ? console_emit_next_record.constprop.0+0x800/0x800
[ 2478.650692]  ? mark_lock.part.0+0xef/0x2f60
[ 2478.651098]  vprintk_emit+0x1b9/0x550
[ 2478.651476]  vprintk+0x80/0x90
[ 2478.651797]  _printk+0xba/0xed
[ 2478.652125]  ? record_print_text.cold+0x16/0x16
[ 2478.652595]  ? _raw_spin_unlock_irqrestore+0x28/0x50
[ 2478.653085]  ? lockdep_hardirqs_on+0x79/0x100
[ 2478.653516]  ? _raw_spin_unlock_irqrestore+0x33/0x50
[ 2478.654003]  submit_bio_noacct.cold+0x98/0xc2
[ 2478.654444]  submit_bio+0x8b/0x250
[ 2478.654785]  submit_bh_wbc+0x4d0/0x650
[ 2478.655179]  __block_write_full_page+0x794/0x1190
[ 2478.655642]  ? fat_add_cluster+0xf0/0xf0
[ 2478.656031]  ? block_is_partially_uptodate+0x510/0x510
[ 2478.656512]  block_write_full_page+0x14d/0x190
[ 2478.656986]  ? fat_add_cluster+0xf0/0xf0
[ 2478.657373]  __mpage_writepage+0x413/0x1710
[ 2478.657776]  ? clean_buffers.part.0+0x3f0/0x3f0
[ 2478.658224]  ? lock_is_held_type+0xd7/0x130
[ 2478.658637]  ? find_held_lock+0x2c/0x110
[ 2478.659030]  ? lock_release+0x3b2/0x750
[ 2478.659416]  ? folio_clear_dirty_for_io+0x26e/0x760
[ 2478.659886]  ? lock_downgrade+0x6d0/0x6d0
[ 2478.660289]  ? percpu_counter_add_batch+0xb4/0x170
[ 2478.660781]  ? lock_is_held_type+0xd7/0x130
[ 2478.661197]  write_cache_pages+0x48c/0x1190
[ 2478.661599]  ? clean_buffers.part.0+0x3f0/0x3f0
[ 2478.662045]  ? percpu_ref_put_many.constprop.0+0x270/0x270
[ 2478.662560]  ? lock_chain_count+0x20/0x20
[ 2478.662946]  ? down_read_trylock+0x171/0x380
[ 2478.663346]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 2478.663822]  ? fat_add_cluster+0xf0/0xf0
[ 2478.664194]  ? fat_readahead+0x20/0x20
[ 2478.664577]  mpage_writepages+0xc2/0x170
[ 2478.664952]  ? mpage_end_io+0x2c0/0x2c0
[ 2478.665322]  ? __lock_acquire+0x1649/0x5e70
[ 2478.665730]  ? fat_add_cluster+0xf0/0xf0
[ 2478.666122]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 2478.666597]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 2478.667087]  do_writepages+0x1b0/0x690
[ 2478.667470]  ? writeback_set_ratelimit+0x150/0x150
[ 2478.667944]  ? lock_release+0x3b2/0x750
[ 2478.668320]  ? wbc_attach_and_unlock_inode+0x4cc/0x8d0
[ 2478.668856]  ? lock_downgrade+0x6d0/0x6d0
[ 2478.669252]  ? lock_release+0x750/0x750
[ 2478.669632]  ? lock_downgrade+0x6d0/0x6d0
[ 2478.670026]  ? do_raw_spin_lock+0x121/0x260
[ 2478.670441]  ? do_raw_spin_unlock+0x4f/0x210
[ 2478.670861]  ? _raw_spin_unlock+0x24/0x40
[ 2478.671251]  ? wbc_attach_and_unlock_inode+0x4cc/0x8d0
[ 2478.671743]  filemap_fdatawrite_wbc+0x143/0x1b0
[ 2478.672194]  __filemap_fdatawrite_range+0xb6/0xf0
[ 2478.672672]  ? delete_from_page_cache_batch+0xca0/0xca0
[ 2478.673183]  ? balance_dirty_pages_ratelimited_flags+0x8b/0x1610
[ 2478.673775]  ? find_held_lock+0x2c/0x110
[ 2478.674168]  file_write_and_wait_range+0xb2/0x120
[ 2478.674617]  __generic_file_fsync+0x74/0x1f0
[ 2478.675029]  ? generic_write_checks+0x2bc/0x3f0
[ 2478.675479]  fat_file_fsync+0x73/0x200
[ 2478.675854]  ? fat_trim_fs+0xfb0/0xfb0
[ 2478.676227]  vfs_fsync_range+0x13d/0x230
[ 2478.676639]  generic_file_write_iter+0x195/0x220
[ 2478.677086]  do_iter_readv_writev+0x367/0x5d0
[ 2478.677512]  ? __ia32_sys_llseek+0x380/0x380
[ 2478.677920]  ? avc_policy_seqno+0x9/0x70
[ 2478.678309]  ? security_file_permission+0xb1/0xd0
[ 2478.678772]  do_iter_write+0x187/0x6f0
[ 2478.679142]  ? lock_is_held_type+0xd7/0x130
[ 2478.679545]  vfs_iter_write+0x70/0xa0
[ 2478.679909]  iter_file_splice_write+0x736/0xca0
[ 2478.680360]  ? generic_file_splice_read+0x375/0x540
[ 2478.680860]  ? page_cache_pipe_buf_confirm+0x5b0/0x5b0
[ 2478.681355]  ? pipe_to_user+0x170/0x170
[ 2478.681728]  ? inode_security+0x105/0x130
[ 2478.682130]  ? security_file_permission+0xb1/0xd0
[ 2478.682589]  ? page_cache_pipe_buf_confirm+0x5b0/0x5b0
[ 2478.683079]  direct_splice_actor+0x10f/0x170
[ 2478.683500]  splice_direct_to_actor+0x350/0x8e0
[ 2478.683935]  ? pipe_to_sendpage+0x380/0x380
[ 2478.684332]  ? do_splice_to+0x240/0x240
[ 2478.684724]  ? security_file_permission+0xb1/0xd0
[ 2478.685179]  do_splice_direct+0x1b8/0x280
[ 2478.685557]  ? splice_direct_to_actor+0x8e0/0x8e0
[ 2478.686061]  ? do_sendfile+0xd84/0x1230
[ 2478.686451]  do_sendfile+0xad7/0x1230
[ 2478.686824]  ? __ia32_compat_sys_preadv64+0x2e0/0x2e0
[ 2478.687320]  ? __x64_sys_sendfile64+0x1ba/0x210
[ 2478.687758]  __x64_sys_sendfile64+0x1cd/0x210
[ 2478.688178]  ? __ia32_compat_sys_sendfile64+0x210/0x210
[ 2478.688696]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2478.689195]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2478.689681]  do_syscall_64+0x3b/0x90
[ 2478.690018]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 2478.690473] RIP: 0033:0x7fdb290bfb19
[ 2478.690838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2478.692627] RSP: 002b:00007fdb26635188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2478.693363] RAX: ffffffffffffffda RBX: 00007fdb291d2f60 RCX: 00007fdb290bfb19
[ 2478.694042] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2478.694733] RBP: 00007fdb29119f6d R08: 0000000000000000 R09: 0000000000000000
[ 2478.695417] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000000
[ 2478.696093] R13: 00007ffce70f475f R14: 00007fdb26635300 R15: 0000000000022000
[ 2478.696815]  </TASK>
[ 2478.697042] irq event stamp: 6085
[ 2478.697367] hardirqs last  enabled at (6084): [<ffffffff84200ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2478.698316] hardirqs last disabled at (6085): [<ffffffff841c1b4e>] _raw_spin_lock_irqsave+0x4e/0x50
[ 2478.699178] softirqs last  enabled at (5912): [<ffffffff81168a63>] __irq_exit_rcu+0x113/0x170
[ 2478.699992] softirqs last disabled at (6057): [<ffffffff81168a63>] __irq_exit_rcu+0x113/0x170
[ 2478.700829] ---[ end trace 0000000000000000 ]---
[ 2478.702078] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.714631] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.721083] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.721931] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.722625] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.725002] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.730993] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.733019] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.738961] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
11:49:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2478.742091] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.747159] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.753664] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.758496] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
11:49:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2478.761150] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.764366] syz-executor.1: attempt to access beyond end of device
[ 2478.764366] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2478.798546] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.799444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.800352] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.801163] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.802595] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.803348] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.804737] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.806163] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.807002] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.807729] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.808546] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.809269] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.810170] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.810363] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.810695] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.810921] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.811251] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.811415] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.811627] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.811907] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.812107] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.812395] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.812622] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.813473] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.813614] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
11:49:30 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_complete(0x0)
recvmsg$unix(r0, &(0x7f0000000600)={&(0x7f0000000340)=@abs, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f00000003c0)=""/61, 0x3d}, {&(0x7f0000000480)=""/16, 0x10}], 0x3, &(0x7f00000001c0)=ANY=[], 0xe8}, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000640)=0x1)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000040)={0x0, 0x88b, 0x0, 0x0, 0x0, "425bb45816f822e6b8208f9a07eeec557d2e8f"})
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000001140)="11975a43dcd3ad912051513fc9654ddeea5893b8cfbba61a2ce44acba1e61e63a4ccb378062a1a3ffaadec89146928b7395f20536bfc376d6debfabdf501ee", 0x3f}], 0x1)
bind$packet(0xffffffffffffffff, &(0x7f0000005280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000200)={'syztnl1\x00', <r2=>0x0, 0x29, 0x1, 0x5, 0x40, 0x10, @empty, @ipv4={'\x00', '\xff\xff', @empty}, 0x10, 0x80, 0x100, 0x1000}})
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000700)={'sit0\x00', &(0x7f0000000680)={'syztnl1\x00', r2, 0x2f, 0x3f, 0x3, 0x5, 0x19, @empty, @mcast2, 0x700, 0x8, 0x7, 0x7}})
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000100)={0x6, 0x6, 0x7}, &(0x7f0000000140))
accept(0xffffffffffffffff, 0x0, 0x0)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000180)={0x8, 0x7, 0x8})

[ 2478.813922] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.814135] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.814331] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.814615] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.814900] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.815089] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.815277] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.815509] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.816039] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.816250] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.816446] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.816872] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
11:49:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0x0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000240))
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r4}}, 0x370)

11:49:30 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x40843}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2478.929427] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.931153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.932468] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.933379] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.934287] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.935134] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.937300] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.938352] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.942683] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.947088] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.948199] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.951042] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.952644] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.953574] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.959621] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.961918] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
11:49:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2800800, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000380)=0x2012)
syz_open_dev$vcsa(&(0x7f0000000300), 0x10000, 0x8202)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000000c0)={0x8, 0x27, 0x4})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xffffffff80000001, 0x30, '\x00', 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2000002, 0x13, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x41c42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
syz_io_uring_setup(0x4f0f, &(0x7f00000003c0)={0x0, 0x67d6, 0x20, 0x1, 0xe0, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)

[ 2478.966941] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.968023] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.969635] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.974201] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.975521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.976548] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.978671] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.984085] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.985593] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.989695] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.990723] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.991586] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.992792] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.994361] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.995367] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2478.999346] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.000788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.006355] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.011525] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.012680] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.013455] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.014674] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.015440] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.016136] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.016832] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.017469] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.018109] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.018871] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.020951] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.022463] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.023685] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.024605] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.025451] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.026850] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.027577] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.028386] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.029358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.030677] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.032295] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.033082] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.033923] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.034745] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.036089] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.036944] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.038315] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.039469] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.040328] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.040505] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.040632] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.041351] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.041497] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.042106] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.042292] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.042504] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.042695] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.042901] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.043088] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.043278] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.113966] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.120023] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2479.120898] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 2480.024142] usercopy: Kernel memory overwrite attempt detected to SLUB object 'names_cache' (offset 1912, size 4064)!
[ 2480.025350] ------------[ cut here ]------------
[ 2480.025855] kernel BUG at mm/usercopy.c:101!
[ 2480.026254] invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 2480.026787] CPU: 1 PID: 112 Comm: systemd-journal Tainted: G    B   W          5.19.0-rc5-next-20220706 #1
[ 2480.027682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2480.028689] RIP: 0010:usercopy_abort+0xb9/0xbb
[ 2480.029125] Code: e8 49 a3 38 fd 49 89 d9 4d 89 e8 4c 89 e1 41 56 48 89 ee 48 c7 c7 20 86 6f 84 ff 74 24 08 41 57 48 8b 54 24 20 e8 2f 03 ff ff <0f> 0b e8 1d a3 38 fd 48 89 e5 e8 e5 4f 6b fd 48 89 e9 8b 54 24 0c
[ 2480.030816] RSP: 0018:ffff8880186e7c50 EFLAGS: 00010286
[ 2480.031324] RAX: 0000000000000069 RBX: ffffffff846fd660 RCX: 0000000000000000
[ 2480.031956] RDX: ffff888016e50000 RSI: ffffffff812bd348 RDI: ffffed10030dcf7c
[ 2480.032625] RBP: ffffffff846f8560 R08: 0000000000000069 R09: 0000000000000000
[ 2480.033255] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff84e88bda
[ 2480.033922] R13: ffffffff846f84a0 R14: 0000000000000fe0 R15: ffffffff846f8460
[ 2480.034546] FS:  00007fcec1bcd900(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 2480.035254] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2480.035814] CR2: 00007fcec1314000 CR3: 000000000ec72000 CR4: 0000000000350ee0
[ 2480.036458] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2480.037098] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2480.037753] Call Trace:
[ 2480.037987]  <TASK>
[ 2480.038195]  __check_heap_object+0x8e/0xd0
[ 2480.038581]  __check_object_size+0x234/0x800
[ 2480.038999]  strncpy_from_user+0xad/0x3d0
[ 2480.039387]  getname_flags.part.0+0x95/0x4f0
[ 2480.039840]  getname+0x8e/0xd0
[ 2480.040143]  do_sys_openat2+0xf5/0x4c0
[ 2480.040510]  ? build_open_flags+0x6f0/0x6f0
[ 2480.040935]  ? seccomp_notify_ioctl+0xeb0/0xeb0
[ 2480.041362]  ? syscall_enter_from_user_mode+0x18/0x50
[ 2480.041862]  __x64_sys_openat+0x13f/0x1f0
[ 2480.042235]  ? __ia32_compat_sys_open+0x1c0/0x1c0
[ 2480.042706]  ? __secure_computing+0x195/0x2f0
[ 2480.043165]  do_syscall_64+0x3b/0x90
[ 2480.043539]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 2480.044040] RIP: 0033:0x7fcec2486c64
[ 2480.044399] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 36 61 f9 ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 68 61 f9 ff 8b 44
[ 2480.046061] RSP: 002b:00007fffebe81890 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2480.046745] RAX: ffffffffffffffda RBX: 0000562705bd5d60 RCX: 00007fcec2486c64
[ 2480.047381] RDX: 0000000000080802 RSI: 0000562705bde460 RDI: 00000000ffffff9c
[ 2480.048023] RBP: 0000562705bde460 R08: 0000000000000000 R09: ffffffffffffff01
[ 2480.048711] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080802
[ 2480.049343] R13: 00000000fffffffa R14: 0000562705c11870 R15: 0000000000000002
[ 2480.050008]  </TASK>
[ 2480.050231] Modules linked in:
[ 2480.050589] ---[ end trace 0000000000000000 ]---
[ 2480.051045] RIP: 0010:usercopy_abort+0xb9/0xbb
[ 2480.051465] Code: e8 49 a3 38 fd 49 89 d9 4d 89 e8 4c 89 e1 41 56 48 89 ee 48 c7 c7 20 86 6f 84 ff 74 24 08 41 57 48 8b 54 24 20 e8 2f 03 ff ff <0f> 0b e8 1d a3 38 fd 48 89 e5 e8 e5 4f 6b fd 48 89 e9 8b 54 24 0c
[ 2480.053124] RSP: 0018:ffff8880186e7c50 EFLAGS: 00010286
[ 2480.053638] RAX: 0000000000000069 RBX: ffffffff846fd660 RCX: 0000000000000000
[ 2480.054338] RDX: ffff888016e50000 RSI: ffffffff812bd348 RDI: ffffed10030dcf7c
[ 2480.055000] RBP: ffffffff846f8560 R08: 0000000000000069 R09: 0000000000000000
[ 2480.055621] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff84e88bda
[ 2480.056279] R13: ffffffff846f84a0 R14: 0000000000000fe0 R15: ffffffff846f8460
[ 2480.056970] FS:  00007fcec1bcd900(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 2480.057705] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2480.058243] CR2: 00007fcec1314000 CR3: 000000000ec72000 CR4: 0000000000350ee0
[ 2480.058893] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2480.059531] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2480.096489] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
[ 2480.111457] loop1: detected capacity change from 0 to 40
[ 2480.120152] loop7: detected capacity change from 0 to 40
[ 2480.138982] systemd[1]: Stopping Flush Journal to Persistent Storage...
[ 2480.147435] syz-executor.7: attempt to access beyond end of device
[ 2480.147435] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2480.154886] syz-executor.1: attempt to access beyond end of device
[ 2480.154886] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2480.158853] kmemleak: Cannot insert 0xffff888046e06600 into the object search tree (overlaps existing)
[ 2480.159802] CPU: 0 PID: 23746 Comm: systemd-udevd Tainted: G    B D W          5.19.0-rc5-next-20220706 #1
[ 2480.160709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2480.161770] Call Trace:
[ 2480.162023]  <TASK>
[ 2480.162244]  dump_stack_lvl+0x8b/0xb3
[ 2480.162630]  __create_object.isra.0.cold+0x44/0x6a
[ 2480.163122]  ? kasan_unpoison+0x23/0x50
[ 2480.163525]  kmem_cache_alloc+0x247/0x490
[ 2480.163931]  getname_flags.part.0+0x50/0x4f0
[ 2480.164386]  getname+0x8e/0xd0
[ 2480.164747]  do_sys_openat2+0xf5/0x4c0
[ 2480.165146]  ? build_open_flags+0x6f0/0x6f0
[ 2480.165564]  ? seccomp_notify_ioctl+0xeb0/0xeb0
[ 2480.166000]  ? syscall_enter_from_user_mode+0x18/0x50
[ 2480.166486]  __x64_sys_openat+0x13f/0x1f0
[ 2480.166883]  ? __ia32_compat_sys_open+0x1c0/0x1c0
[ 2480.167344]  ? __secure_computing+0x195/0x2f0
[ 2480.167783]  do_syscall_64+0x3b/0x90
[ 2480.168159]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 2480.168688] RIP: 0033:0x7f6d2c837767
[ 2480.169046] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[ 2480.170771] RSP: 002b:00007fffacd734d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 2480.171474] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f6d2c837767
[ 2480.172141] RDX: 00000000002a0000 RSI: 00005560b555ead0 RDI: 00000000ffffff9c
[ 2480.172842] RBP: 00005560b555ead0 R08: 00005560b555d750 R09: 00007f6d2c81dbe0
[ 2480.173505] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000002a0000
[ 2480.174174] R13: 00000000ffffffff R14: 0000000000000000 R15: 00005560b5542f90
[ 2480.174866]  </TASK>
[ 2480.175112] kmemleak: Kernel memory leak detector disabled
[ 2480.175625] kmemleak: Object 0xffff888046e06d58 (size 4096):
[ 2480.176173] kmemleak:   comm "systemd-journal", pid 112, jiffies 4297146939
[ 2480.176819] kmemleak:   min_count = 1
[ 2480.177167] kmemleak:   count = 0
[ 2480.177499] kmemleak:   flags = 0x1
[ 2480.177852] kmemleak:   checksum = 0
[ 2480.178226] kmemleak:   backtrace:
[ 2480.178565]      getname_flags.part.0+0x50/0x4f0
[ 2480.179031]      getname+0x8e/0xd0
[ 2480.179400]      do_sys_openat2+0xf5/0x4c0
[ 2480.179812]      __x64_sys_openat+0x13f/0x1f0
[ 2480.180253]      do_syscall_64+0x3b/0x90
[ 2480.180696]      entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 2480.182312] kmemleak: Automatic memory scanning thread ended
[ 2480.201553] syz-executor.7: attempt to access beyond end of device
[ 2480.201553] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2480.270007] systemd[1]: systemd-journal-flush.service: Succeeded.
SYZFAIL: failed to write(kmemleak, "scan")
 (errno 1: Operation not permitted)
BUG: leak checking failed
[ 2483.557878] general protection fault, probably for non-canonical address 0x2abebdc22011dc8: 0000 [#2] PREEMPT SMP KASAN NOPTI
[ 2483.558983] CPU: 1 PID: 15683 Comm: kworker/u4:11 Tainted: G    B D W          5.19.0-rc5-next-20220706 #1
[ 2483.559885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2483.560965] Workqueue: writeback wb_workfn (flush-8:0)
[ 2483.561488] RIP: 0010:qlist_free_all+0xaf/0x190
[ 2483.561947] Code: 80 4c 01 c2 0f 82 f0 00 00 00 48 c7 c0 00 00 00 80 48 2b 05 c3 76 7b 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 a1 76 7b 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48
[ 2483.563680] RSP: 0018:ffff888045d4edf8 EFLAGS: 00010207
[ 2483.564195] RAX: 02abebdc22011dc0 RBX: aaffff8880477d00 RCX: 1ffffffff0b1d66d
[ 2483.564943] RDX: aaffff8900477d00 RSI: 0000000000000008 RDI: ffffffff81771eb1
[ 2483.565625] RBP: 0000000000000000 R08: aaffff8880477d00 R09: 0000000000000000
[ 2483.566308] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 2483.566991] R13: ffff888045d4ee38 R14: 0000000000000000 R15: ffff8880460e8001
[ 2483.567653] FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 2483.568385] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2483.568957] CR2: 00007f5272e8f3b8 CR3: 000000000ef28000 CR4: 0000000000350ee0
[ 2483.569619] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2483.570292] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2483.570982] Call Trace:
[ 2483.571232]  <TASK>
[ 2483.571446]  ? trace_hardirqs_on+0x2d/0x110
[ 2483.571854]  kasan_quarantine_reduce+0x180/0x200
[ 2483.572302]  __kasan_slab_alloc+0x78/0x80
[ 2483.572727]  __kmalloc+0x1be/0x440
[ 2483.573071]  ext4_find_extent+0xa39/0xd20
[ 2483.573472]  ? kernel_text_address+0xd/0xb0
[ 2483.573880]  ext4_ext_map_blocks+0x1c3/0x5cc0
[ 2483.574319]  ? ret_from_fork+0x22/0x30
[ 2483.574688]  ? stack_trace_save+0x8c/0xc0
[ 2483.575079]  ? filter_irq_stacks+0x90/0x90
[ 2483.575513]  ? __stack_depot_save+0x35/0x450
[ 2483.575924]  ? ext4_ext_release+0x10/0x10
[ 2483.576313]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.576784]  ? lock_acquire+0x45a/0x530
[ 2483.577160]  ? lock_release+0x750/0x750
[ 2483.577550]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.578010]  ? lock_release+0x543/0x750
[ 2483.578398]  ? wb_writeback+0x749/0xb50
[ 2483.578779]  ? ext4_es_lookup_extent+0x484/0xc50
[ 2483.579233]  ? lock_downgrade+0x6d0/0x6d0
[ 2483.579631]  ? ret_from_fork+0x22/0x30
[ 2483.579997]  ? lock_acquire+0x45a/0x530
[ 2483.580383]  ? down_write+0xde/0x150
[ 2483.580774]  ? down_write_killable_nested+0x180/0x180
[ 2483.581269]  ? kasan_quarantine_reduce+0x188/0x200
[ 2483.581755]  ext4_map_blocks+0x76e/0x19d0
[ 2483.582173]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2483.582606]  ? kmem_cache_alloc+0x31b/0x490
[ 2483.583007]  ext4_writepages+0x1bc9/0x3690
[ 2483.583416]  ? arch_stack_walk+0x83/0xf0
[ 2483.583817]  ? __ext4_mark_inode_dirty+0x880/0x880
[ 2483.584273]  ? ret_from_fork+0x22/0x30
[ 2483.584767]  ? __wb_calc_thresh+0xef/0x3f0
[ 2483.585209]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.585677]  ? lock_acquire+0x45a/0x530
[ 2483.586065]  ? rwlock_bug.part.0+0x90/0x90
[ 2483.586484]  ? fprop_fraction_percpu+0x1f2/0x320
[ 2483.586946]  ? __ext4_mark_inode_dirty+0x880/0x880
[ 2483.587409]  do_writepages+0x1b0/0x690
[ 2483.587795]  ? writeback_set_ratelimit+0x150/0x150
[ 2483.588276]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.588913]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.589362]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.589882]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.590328]  ? lock_release+0x543/0x750
[ 2483.590714]  ? wbc_attach_and_unlock_inode+0x449/0x8d0
[ 2483.591236]  ? lock_downgrade+0x6d0/0x6d0
[ 2483.591635]  ? lock_downgrade+0x6d0/0x6d0
[ 2483.592051]  ? lock_release+0x543/0x750
[ 2483.592439]  ? writeback_sb_inodes+0x3af/0xec0
[ 2483.592919]  ? lock_downgrade+0x6d0/0x6d0
[ 2483.593309]  ? do_raw_spin_lock+0x121/0x260
[ 2483.593717]  __writeback_single_inode+0x105/0xf50
[ 2483.594169]  ? wbc_attach_and_unlock_inode+0x49f/0x8d0
[ 2483.594683]  writeback_sb_inodes+0x542/0xec0
[ 2483.595121]  ? sync_inode_metadata+0xe0/0xe0
[ 2483.595562]  __writeback_inodes_wb+0xbe/0x270
[ 2483.596004]  wb_writeback+0x749/0xb50
[ 2483.596386]  ? __writeback_inodes_wb+0x270/0x270
[ 2483.596879]  ? get_nr_dirty_inodes+0x157/0x1c0
[ 2483.597319]  wb_workfn+0x8f7/0x10b0
[ 2483.597664]  ? inode_wait_for_writeback+0x30/0x30
[ 2483.598124]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.598581]  ? lock_acquire+0x45a/0x530
[ 2483.598962]  ? lock_release+0x750/0x750
[ 2483.599342]  ? read_word_at_a_time+0xe/0x20
[ 2483.599755]  ? strscpy+0xa0/0x2a0
[ 2483.600102]  process_one_work+0xa0f/0x1690
[ 2483.600523]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2483.601015]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2483.601483]  ? rwlock_bug.part.0+0x90/0x90
[ 2483.601908]  ? ct_nmi_exit+0x119/0x1c0
[ 2483.602282]  worker_thread+0x637/0x1250
[ 2483.602664]  ? process_one_work+0x1690/0x1690
[ 2483.603100]  kthread+0x2ed/0x3a0
[ 2483.603452]  ? kthread_complete_and_exit+0x40/0x40
[ 2483.603928]  ret_from_fork+0x22/0x30
[ 2483.604298]  </TASK>
[ 2483.604529] Modules linked in:
[ 2483.605128] ---[ end trace 0000000000000000 ]---
[ 2483.605671] RIP: 0010:usercopy_abort+0xb9/0xbb
[ 2483.606152] Code: e8 49 a3 38 fd 49 89 d9 4d 89 e8 4c 89 e1 41 56 48 89 ee 48 c7 c7 20 86 6f 84 ff 74 24 08 41 57 48 8b 54 24 20 e8 2f 03 ff ff <0f> 0b e8 1d a3 38 fd 48 89 e5 e8 e5 4f 6b fd 48 89 e9 8b 54 24 0c
[ 2483.607814] RSP: 0018:ffff8880186e7c50 EFLAGS: 00010286
[ 2483.608303] RAX: 0000000000000069 RBX: ffffffff846fd660 RCX: 0000000000000000
[ 2483.609021] RDX: ffff888016e50000 RSI: ffffffff812bd348 RDI: ffffed10030dcf7c
[ 2483.609724] RBP: ffffffff846f8560 R08: 0000000000000069 R09: 0000000000000000
[ 2483.610400] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff84e88bda
[ 2483.611109] R13: ffffffff846f84a0 R14: 0000000000000fe0 R15: ffffffff846f8460
[ 2483.611813] FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 2483.612552] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2483.613134] CR2: 00007f5272e8f3b8 CR3: 000000000ef28000 CR4: 0000000000350ee0
[ 2483.613816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2483.614498] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2483.615195] ------------[ cut here ]------------
[ 2483.615634] WARNING: CPU: 1 PID: 15683 at kernel/exit.c:741 do_exit+0x1cf8/0x27d0
[ 2483.616363] Modules linked in:
[ 2483.616689] CPU: 1 PID: 15683 Comm: kworker/u4:11 Tainted: G    B D W          5.19.0-rc5-next-20220706 #1
[ 2483.617570] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 2483.618649] Workqueue: writeback wb_workfn (flush-8:0)
[ 2483.619181] RIP: 0010:do_exit+0x1cf8/0x27d0
[ 2483.619599] Code: 89 f7 e8 cb 91 2d 00 e9 5a eb ff ff e8 51 aa 2e 00 48 8b 74 24 10 bf 05 06 00 00 e8 62 d6 02 00 e9 b3 e7 ff ff e8 38 aa 2e 00 <0f> 0b e9 9c e3 ff ff e8 2c aa 2e 00 48 8b 54 24 20 b8 ff ff 37 00
[ 2483.621299] RSP: 0018:ffff888045d4fe48 EFLAGS: 00010293
[ 2483.621812] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[ 2483.622461] RDX: ffff88804737b580 RSI: ffffffff81164ec8 RDI: ffff88804737c688
[ 2483.623134] RBP: ffff88804737b580 R08: 0000000000000005 R09: 0000000000000000
[ 2483.623778] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 2483.624445] R13: 0000000000000000 R14: ffff88804737b580 R15: 0000000000000000
[ 2483.625188] FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 2483.625938] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2483.626473] CR2: 00007f5272e8f3b8 CR3: 000000000ef28000 CR4: 0000000000350ee0
[ 2483.627141] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2483.627807] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 2483.628457] Call Trace:
[ 2483.628727]  <TASK>
[ 2483.628941]  ? worker_thread+0x637/0x1250
[ 2483.629349]  ? mm_update_next_owner+0x7e0/0x7e0
[ 2483.629801]  ? process_one_work+0x1690/0x1690
[ 2483.630230]  make_task_dead+0x102/0x120
[ 2483.630606]  rewind_stack_and_make_dead+0x17/0x17
[ 2483.631082] RIP: 0000:0x0
[ 2483.631364] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 2483.632029] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 2483.632793] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 2483.633465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2483.634171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2483.634872] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 2483.635522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2483.636197]  </TASK>
[ 2483.636433] irq event stamp: 1213898
[ 2483.636797] hardirqs last  enabled at (1213897): [<ffffffff841c1d1f>] _raw_spin_unlock_irq+0x1f/0x40
[ 2483.637670] hardirqs last disabled at (1213898): [<ffffffff841aade9>] __schedule+0x11d9/0x24a0
[ 2483.638494] softirqs last  enabled at (1213606): [<ffffffff83ea4ff8>] ieee80211_ibss_work+0x2e8/0xdf0
[ 2483.639383] softirqs last disabled at (1213604): [<ffffffff83ea4e48>] ieee80211_ibss_work+0x138/0xdf0
[ 2483.640246] ---[ end trace 0000000000000000 ]---

VM DIAGNOSIS:
11:49:30  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=ffff888045ce5040
RSI=ffffffff812bc4b2 RDI=0000000000000001 RBP=ffff888045c07a28 RSP=ffff888045c079f0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=000000000000001b R13=ffff888046fd3580 R14=0000000000000000 R15=ffff888045c07a78
RIP=ffffffff812bc4b4 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f5a914e69c8 CR3=00000000230ba000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff4ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007f5a938567c0 00007f5a938567c8
YMM02=0000000000000000 0000000000000000 00007f5a938567e0 00007f5a938567c0
YMM03=0000000000000000 0000000000000000 00007f5a938567c8 00007f5a938567c0
YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8241e261 RDI=ffffffff873e66a0 RBP=ffffffff873e6660 RSP=ffff88806cf096d0
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000049 R11=0000000000000001
R12=0000000000000049 R13=ffffffff873e6660 R14=0000000000000010 R15=ffffffff8241e250
RIP=ffffffff8241e2b9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fdb26635700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f23ab7ed718 CR3=000000004428e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff4ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000