c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:08 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:08 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:08 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e"}, 0x2e, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

[ 2999.771202] loop1: detected capacity change from 0 to 40
[ 2999.787195] loop0: detected capacity change from 0 to 40
[ 2999.787474] loop3: detected capacity change from 0 to 40
[ 2999.793494] loop7: detected capacity change from 0 to 40
[ 2999.804848] loop6: detected capacity change from 0 to 40
04:07:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 2999.822410] loop4: detected capacity change from 0 to 40
[ 2999.845844] bio_check_eod: 4 callbacks suppressed
[ 2999.845856] syz-executor.3: attempt to access beyond end of device
[ 2999.845856] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2999.847193] buffer_io_error: 4 callbacks suppressed
[ 2999.847201] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2999.858852] syz-executor.3: attempt to access beyond end of device
[ 2999.858852] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2999.859887] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2999.868062] loop2: detected capacity change from 0 to 40
[ 2999.906747] syz-executor.6: attempt to access beyond end of device
[ 2999.906747] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2999.907824] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2999.930925] syz-executor.1: attempt to access beyond end of device
[ 2999.930925] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2999.932019] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:07:08 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 2999.961814] loop3: detected capacity change from 0 to 40
[ 2999.962635] syz-executor.7: attempt to access beyond end of device
[ 2999.962635] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2999.964540] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2999.981028] syz-executor.0: attempt to access beyond end of device
[ 2999.981028] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2999.982714] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:07:08 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3000.027560] syz-executor.4: attempt to access beyond end of device
[ 3000.027560] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3000.029277] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3000.035613] syz-executor.2: attempt to access beyond end of device
[ 3000.035613] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3000.037508] Buffer I/O error on dev loop2, logical block 10, lost async page write
04:07:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:08 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3000.074834] syz-executor.3: attempt to access beyond end of device
[ 3000.074834] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3000.075787] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3000.104597] loop6: detected capacity change from 0 to 40
04:07:08 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3000.119662] loop1: detected capacity change from 0 to 40
[ 3000.124597] loop7: detected capacity change from 0 to 40
04:07:08 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:08 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3000.208191] syz-executor.7: attempt to access beyond end of device
[ 3000.208191] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3000.209172] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3000.212430] loop3: detected capacity change from 0 to 40
[ 3000.215869] loop0: detected capacity change from 0 to 40
[ 3000.267941] loop4: detected capacity change from 0 to 40
[ 3000.300050] loop2: detected capacity change from 0 to 40
[ 3014.320131] loop2: detected capacity change from 0 to 40
04:07:22 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e"}, 0x2e, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:07:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3014.351947] loop1: detected capacity change from 0 to 40
[ 3014.353095] loop6: detected capacity change from 0 to 40
[ 3014.376446] loop4: detected capacity change from 0 to 40
[ 3014.407506] loop3: detected capacity change from 0 to 40
[ 3014.410781] bio_check_eod: 8 callbacks suppressed
[ 3014.410792] syz-executor.2: attempt to access beyond end of device
[ 3014.410792] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.412433] buffer_io_error: 8 callbacks suppressed
[ 3014.412442] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3014.413738] loop0: detected capacity change from 0 to 40
[ 3014.417668] loop7: detected capacity change from 0 to 40
[ 3014.419234] syz-executor.6: attempt to access beyond end of device
[ 3014.419234] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.420275] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3014.424064] syz-executor.1: attempt to access beyond end of device
[ 3014.424064] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.425174] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3014.466673] syz-executor.4: attempt to access beyond end of device
[ 3014.466673] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.467741] Buffer I/O error on dev loop4, logical block 10, lost async page write
04:07:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3014.565828] loop6: detected capacity change from 0 to 40
[ 3014.576547] loop1: detected capacity change from 0 to 40
[ 3014.579517] syz-executor.0: attempt to access beyond end of device
[ 3014.579517] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.580661] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:07:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3014.614800] syz-executor.3: attempt to access beyond end of device
[ 3014.614800] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.615761] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3014.624791] syz-executor.7: attempt to access beyond end of device
[ 3014.624791] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.626941] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3014.630912] syz-executor.6: attempt to access beyond end of device
[ 3014.630912] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.632068] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3014.657720] syz-executor.1: attempt to access beyond end of device
[ 3014.657720] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.658803] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3014.669955] loop2: detected capacity change from 0 to 40
04:07:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:23 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3014.719448] loop4: detected capacity change from 0 to 40
04:07:23 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3014.790898] loop1: detected capacity change from 0 to 40
[ 3014.793268] syz-executor.2: attempt to access beyond end of device
[ 3014.793268] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3014.794362] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3014.796689] loop6: detected capacity change from 0 to 40
[ 3014.844714] loop0: detected capacity change from 0 to 40
[ 3014.855054] loop3: detected capacity change from 0 to 40
[ 3029.020206] loop4: detected capacity change from 0 to 40
04:07:37 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:37 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e"}, 0x2e, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:07:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3029.035578] loop1: detected capacity change from 0 to 40
[ 3029.052825] loop2: detected capacity change from 0 to 40
[ 3029.055988] loop6: detected capacity change from 0 to 40
[ 3029.078368] loop7: detected capacity change from 0 to 40
[ 3029.082069] loop0: detected capacity change from 0 to 40
[ 3029.087688] loop3: detected capacity change from 0 to 40
[ 3029.147902] bio_check_eod: 5 callbacks suppressed
[ 3029.147926] syz-executor.4: attempt to access beyond end of device
[ 3029.147926] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.150644] buffer_io_error: 5 callbacks suppressed
[ 3029.150660] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3029.159777] syz-executor.1: attempt to access beyond end of device
[ 3029.159777] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.161091] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3029.162239] syz-executor.2: attempt to access beyond end of device
[ 3029.162239] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.163976] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3029.182782] syz-executor.0: attempt to access beyond end of device
[ 3029.182782] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.183945] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3029.188550] syz-executor.7: attempt to access beyond end of device
[ 3029.188550] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.189809] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3029.232794] syz-executor.6: attempt to access beyond end of device
[ 3029.232794] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.234620] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:07:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3029.303767] syz-executor.3: attempt to access beyond end of device
[ 3029.303767] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.304767] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3029.321043] loop0: detected capacity change from 0 to 40
04:07:37 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3029.340263] loop1: detected capacity change from 0 to 40
[ 3029.358832] loop7: detected capacity change from 0 to 40
[ 3029.362884] loop2: detected capacity change from 0 to 40
04:07:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3029.397584] loop6: detected capacity change from 0 to 40
[ 3029.415758] syz-executor.0: attempt to access beyond end of device
[ 3029.415758] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.416921] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3029.458017] loop3: detected capacity change from 0 to 40
[ 3029.470112] syz-executor.2: attempt to access beyond end of device
[ 3029.470112] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.471205] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3029.477275] syz-executor.7: attempt to access beyond end of device
[ 3029.477275] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3029.478854] Buffer I/O error on dev loop7, logical block 10, lost async page write
04:07:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3029.621160] loop0: detected capacity change from 0 to 40
[ 3029.659015] loop7: detected capacity change from 0 to 40
[ 3029.662747] loop6: detected capacity change from 0 to 40
04:07:50 executing program 4:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e"}, 0x2e, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:07:50 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e87"}, 0x2f, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:07:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3042.345192] loop1: detected capacity change from 0 to 40
[ 3042.375804] loop6: detected capacity change from 0 to 40
[ 3042.382565] bio_check_eod: 6 callbacks suppressed
[ 3042.382576] syz-executor.1: attempt to access beyond end of device
[ 3042.382576] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.383881] buffer_io_error: 6 callbacks suppressed
[ 3042.383890] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3042.384828] loop7: detected capacity change from 0 to 40
[ 3042.396541] loop0: detected capacity change from 0 to 40
[ 3042.419381] loop2: detected capacity change from 0 to 40
[ 3042.421020] loop3: detected capacity change from 0 to 40
[ 3042.438868] syz-executor.7: attempt to access beyond end of device
[ 3042.438868] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.439873] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3042.443764] syz-executor.6: attempt to access beyond end of device
[ 3042.443764] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.444889] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:07:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:07:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:07:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3042.532141] loop7: detected capacity change from 0 to 40
[ 3042.533755] loop6: detected capacity change from 0 to 40
[ 3042.582562] syz-executor.7: attempt to access beyond end of device
[ 3042.582562] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.583536] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3042.591932] syz-executor.6: attempt to access beyond end of device
[ 3042.591932] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.592898] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3042.594699] syz-executor.0: attempt to access beyond end of device
[ 3042.594699] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.596845] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3042.641892] syz-executor.3: attempt to access beyond end of device
[ 3042.641892] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.643951] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3042.649995] syz-executor.2: attempt to access beyond end of device
[ 3042.649995] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.651027] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3042.652089] loop1: detected capacity change from 0 to 40
[ 3042.703483] syz-executor.1: attempt to access beyond end of device
[ 3042.703483] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.704445] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3042.724089] syz-executor.1: attempt to access beyond end of device
[ 3042.724089] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3042.725204] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3057.859699] loop3: detected capacity change from 0 to 40
[ 3057.871881] loop4: detected capacity change from 0 to 40
04:08:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:06 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e87"}, 0x2f, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:08:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3057.881105] loop7: detected capacity change from 0 to 40
[ 3057.883594] loop2: detected capacity change from 0 to 40
04:08:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3057.916972] syz-executor.3: attempt to access beyond end of device
[ 3057.916972] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3057.918043] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3057.918807] loop1: detected capacity change from 0 to 40
[ 3057.922963] loop6: detected capacity change from 0 to 40
[ 3057.924339] loop0: detected capacity change from 0 to 40
[ 3057.927067] syz-executor.3: attempt to access beyond end of device
[ 3057.927067] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3057.928056] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3057.930340] syz-executor.4: attempt to access beyond end of device
[ 3057.930340] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3057.931227] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3057.945855] syz-executor.4: attempt to access beyond end of device
[ 3057.945855] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3057.946768] Buffer I/O error on dev loop4, logical block 10, lost async page write
04:08:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3058.019268] syz-executor.0: attempt to access beyond end of device
[ 3058.019268] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3058.020257] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3058.037264] loop3: detected capacity change from 0 to 40
[ 3058.044604] syz-executor.7: attempt to access beyond end of device
[ 3058.044604] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3058.046092] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3058.048824] syz-executor.2: attempt to access beyond end of device
[ 3058.048824] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3058.050182] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3058.070191] syz-executor.6: attempt to access beyond end of device
[ 3058.070191] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3058.071428] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3058.076679] loop4: detected capacity change from 0 to 40
04:08:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3058.094594] syz-executor.1: attempt to access beyond end of device
[ 3058.094594] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3058.095737] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:08:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3058.145708] syz-executor.3: attempt to access beyond end of device
[ 3058.145708] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3058.146766] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3058.174127] loop6: detected capacity change from 0 to 40
04:08:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3058.194734] loop0: detected capacity change from 0 to 40
[ 3058.204160] loop2: detected capacity change from 0 to 40
[ 3058.205098] loop7: detected capacity change from 0 to 40
04:08:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3058.308517] loop1: detected capacity change from 0 to 40
[ 3058.321665] loop4: detected capacity change from 0 to 40
04:08:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3058.342435] loop3: detected capacity change from 0 to 40
[ 3058.410946] loop2: detected capacity change from 0 to 40
04:08:21 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e87"}, 0x2f, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:08:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3073.370433] loop1: detected capacity change from 0 to 40
[ 3073.377834] loop6: detected capacity change from 0 to 40
04:08:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

04:08:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0x4}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3073.389957] loop4: detected capacity change from 0 to 40
[ 3073.408438] loop7: detected capacity change from 0 to 40
[ 3073.433651] loop2: detected capacity change from 0 to 40
[ 3073.460207] bio_check_eod: 11 callbacks suppressed
[ 3073.460218] syz-executor.6: attempt to access beyond end of device
[ 3073.460218] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.461686] buffer_io_error: 11 callbacks suppressed
[ 3073.461695] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3073.470855] syz-executor.4: attempt to access beyond end of device
[ 3073.470855] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.471482] loop0: detected capacity change from 0 to 40
[ 3073.471932] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3073.480564] loop3: detected capacity change from 0 to 40
[ 3073.512533] syz-executor.4: attempt to access beyond end of device
[ 3073.512533] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.513494] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3073.525435] syz-executor.2: attempt to access beyond end of device
[ 3073.525435] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.526248] Buffer I/O error on dev loop2, logical block 10, lost async page write
04:08:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

[ 3073.586151] syz-executor.0: attempt to access beyond end of device
[ 3073.586151] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.587223] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:08:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

[ 3073.603864] syz-executor.1: attempt to access beyond end of device
[ 3073.603864] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.605821] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3073.621615] loop6: detected capacity change from 0 to 40
04:08:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0x4}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3073.630971] syz-executor.7: attempt to access beyond end of device
[ 3073.630971] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.632877] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3073.663808] syz-executor.3: attempt to access beyond end of device
[ 3073.663808] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.665802] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3073.676567] loop4: detected capacity change from 0 to 40
04:08:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3073.714367] loop2: detected capacity change from 0 to 40
[ 3073.725580] syz-executor.6: attempt to access beyond end of device
[ 3073.725580] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.726665] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:08:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3073.779272] syz-executor.4: attempt to access beyond end of device
[ 3073.779272] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3073.780254] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3073.799880] loop0: detected capacity change from 0 to 40
04:08:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

[ 3073.828670] loop7: detected capacity change from 0 to 40
04:08:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3073.876111] loop1: detected capacity change from 0 to 40
[ 3073.886797] loop6: detected capacity change from 0 to 40
[ 3073.895609] loop3: detected capacity change from 0 to 40
04:08:34 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x0)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:08:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0x4}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:34 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:34 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:34 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

04:08:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:34 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3085.656320] loop2: detected capacity change from 0 to 40
[ 3085.659763] loop1: detected capacity change from 0 to 40
[ 3085.666228] loop6: detected capacity change from 0 to 40
[ 3085.671685] loop0: detected capacity change from 0 to 40
[ 3085.681584] loop3: detected capacity change from 0 to 40
[ 3085.687044] loop4: detected capacity change from 0 to 40
[ 3085.689255] loop7: detected capacity change from 0 to 40
[ 3085.770011] bio_check_eod: 7 callbacks suppressed
[ 3085.770027] syz-executor.2: attempt to access beyond end of device
[ 3085.770027] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.771519] buffer_io_error: 7 callbacks suppressed
[ 3085.771528] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3085.785849] syz-executor.0: attempt to access beyond end of device
[ 3085.785849] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.787540] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3085.789243] syz-executor.7: attempt to access beyond end of device
[ 3085.789243] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.790242] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3085.792230] syz-executor.1: attempt to access beyond end of device
[ 3085.792230] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.793230] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3085.798692] syz-executor.3: attempt to access beyond end of device
[ 3085.798692] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.799635] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3085.807484] syz-executor.6: attempt to access beyond end of device
[ 3085.807484] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.808411] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:08:34 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3085.877928] syz-executor.4: attempt to access beyond end of device
[ 3085.877928] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3085.879445] Buffer I/O error on dev loop4, logical block 10, lost async page write
04:08:34 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3085.915882] loop7: detected capacity change from 0 to 40
[ 3085.930763] loop1: detected capacity change from 0 to 40
04:08:34 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

[ 3085.941811] loop3: detected capacity change from 0 to 40
04:08:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3085.960237] loop6: detected capacity change from 0 to 40
04:08:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3085.999728] syz-executor.7: attempt to access beyond end of device
[ 3085.999728] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3086.000779] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3086.010611] syz-executor.1: attempt to access beyond end of device
[ 3086.010611] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3086.011553] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3086.014217] loop2: detected capacity change from 0 to 40
04:08:34 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xb4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3086.038928] syz-executor.3: attempt to access beyond end of device
[ 3086.038928] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3086.039930] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3086.055639] loop0: detected capacity change from 0 to 40
04:08:34 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xb4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3086.163911] loop4: detected capacity change from 0 to 40
[ 3101.475789] loop4: detected capacity change from 0 to 40
04:08:49 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x0)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:08:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:49 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xb4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:49 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

04:08:49 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:49 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3101.494952] loop7: detected capacity change from 0 to 40
[ 3101.496963] loop0: detected capacity change from 0 to 40
[ 3101.503151] loop6: detected capacity change from 0 to 40
[ 3101.539125] loop2: detected capacity change from 0 to 40
[ 3101.548767] loop1: detected capacity change from 0 to 40
[ 3101.551224] loop3: detected capacity change from 0 to 40
[ 3101.565054] bio_check_eod: 5 callbacks suppressed
[ 3101.565104] syz-executor.7: attempt to access beyond end of device
[ 3101.565104] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.567990] buffer_io_error: 5 callbacks suppressed
[ 3101.568006] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3101.575043] syz-executor.6: attempt to access beyond end of device
[ 3101.575043] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.576022] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3101.586192] syz-executor.4: attempt to access beyond end of device
[ 3101.586192] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.587268] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3101.655740] syz-executor.1: attempt to access beyond end of device
[ 3101.655740] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.656847] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:08:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)

[ 3101.691497] syz-executor.1: attempt to access beyond end of device
[ 3101.691497] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.692460] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3101.703267] syz-executor.0: attempt to access beyond end of device
[ 3101.703267] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.705215] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:08:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3101.744076] loop6: detected capacity change from 0 to 40
[ 3101.744123] syz-executor.2: attempt to access beyond end of device
[ 3101.744123] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.746488] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3101.747462] loop4: detected capacity change from 0 to 40
[ 3101.759214] syz-executor.3: attempt to access beyond end of device
[ 3101.759214] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.761243] Buffer I/O error on dev loop3, logical block 10, lost async page write
04:08:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

[ 3101.828018] syz-executor.6: attempt to access beyond end of device
[ 3101.828018] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.829088] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3101.834853] syz-executor.4: attempt to access beyond end of device
[ 3101.834853] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3101.835812] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3101.850200] loop1: detected capacity change from 0 to 40
04:08:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3101.860555] loop7: detected capacity change from 0 to 40
04:08:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:08:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:08:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)

[ 3101.940109] loop3: detected capacity change from 0 to 40
[ 3101.963419] loop0: detected capacity change from 0 to 40
[ 3101.991744] loop2: detected capacity change from 0 to 40
[ 3102.035038] loop6: detected capacity change from 0 to 40
04:09:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc0, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)

04:09:06 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x0)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:09:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3117.834070] loop7: detected capacity change from 0 to 40
[ 3117.845371] loop2: detected capacity change from 0 to 40
[ 3117.850816] loop3: detected capacity change from 0 to 40
[ 3117.854240] loop0: detected capacity change from 0 to 40
[ 3117.857564] loop6: detected capacity change from 0 to 40
[ 3117.867130] loop1: detected capacity change from 0 to 40
[ 3117.868624] loop4: detected capacity change from 0 to 40
[ 3118.008948] bio_check_eod: 8 callbacks suppressed
[ 3118.008972] syz-executor.7: attempt to access beyond end of device
[ 3118.008972] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.011468] buffer_io_error: 8 callbacks suppressed
[ 3118.011483] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3118.015820] syz-executor.6: attempt to access beyond end of device
[ 3118.015820] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.017542] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3118.029724] syz-executor.0: attempt to access beyond end of device
[ 3118.029724] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.031489] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3118.037491] syz-executor.2: attempt to access beyond end of device
[ 3118.037491] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.039173] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3118.042653] syz-executor.3: attempt to access beyond end of device
[ 3118.042653] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.044629] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3118.073140] syz-executor.4: attempt to access beyond end of device
[ 3118.073140] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.074774] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3118.076939] syz-executor.1: attempt to access beyond end of device
[ 3118.076939] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.080725] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:09:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(0x0, 0x0, 0x6, r1, 0x3)

04:09:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3118.259725] loop7: detected capacity change from 0 to 40
[ 3118.263514] loop0: detected capacity change from 0 to 40
[ 3118.270016] loop2: detected capacity change from 0 to 40
[ 3118.314594] loop3: detected capacity change from 0 to 40
[ 3118.335211] loop1: detected capacity change from 0 to 40
[ 3118.337582] loop4: detected capacity change from 0 to 40
[ 3118.370376] syz-executor.0: attempt to access beyond end of device
[ 3118.370376] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.372450] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3118.381808] syz-executor.7: attempt to access beyond end of device
[ 3118.381808] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.383508] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3118.394121] syz-executor.2: attempt to access beyond end of device
[ 3118.394121] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3118.396044] Buffer I/O error on dev loop2, logical block 10, lost async page write
04:09:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:06 executing program 6:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x0)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

[ 3118.640849] loop0: detected capacity change from 0 to 40
[ 3118.641074] loop2: detected capacity change from 0 to 40
04:09:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3133.936754] loop6: detected capacity change from 0 to 40
04:09:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(0x0, 0x0, 0x6, r1, 0x3)

04:09:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:22 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:09:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(0x0, 0x0, 0x6, r1, 0x3)

04:09:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x54, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3133.990729] loop3: detected capacity change from 0 to 40
[ 3133.996531] loop7: detected capacity change from 0 to 40
[ 3134.005055] loop0: detected capacity change from 0 to 40
[ 3134.006472] loop2: detected capacity change from 0 to 40
[ 3134.012261] loop4: detected capacity change from 0 to 40
[ 3134.024768] loop1: detected capacity change from 0 to 40
[ 3134.124867] bio_check_eod: 5 callbacks suppressed
[ 3134.124893] syz-executor.6: attempt to access beyond end of device
[ 3134.124893] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.127872] buffer_io_error: 5 callbacks suppressed
[ 3134.127890] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3134.148108] syz-executor.7: attempt to access beyond end of device
[ 3134.148108] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.149870] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3134.201153] syz-executor.2: attempt to access beyond end of device
[ 3134.201153] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.202908] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3134.212664] syz-executor.3: attempt to access beyond end of device
[ 3134.212664] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.214532] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3134.218989] syz-executor.0: attempt to access beyond end of device
[ 3134.218989] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.220941] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3134.233622] syz-executor.4: attempt to access beyond end of device
[ 3134.233622] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.235607] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3134.254153] syz-executor.1: attempt to access beyond end of device
[ 3134.254153] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.255905] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:09:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(0x0, 0x0, 0x6, r1, 0x3)

04:09:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3134.391630] loop7: detected capacity change from 0 to 40
[ 3134.398081] loop6: detected capacity change from 0 to 40
04:09:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3134.484584] loop2: detected capacity change from 0 to 40
[ 3134.485718] loop0: detected capacity change from 0 to 40
[ 3134.509478] loop3: detected capacity change from 0 to 40
[ 3134.514489] loop4: detected capacity change from 0 to 40
[ 3134.514542] syz-executor.7: attempt to access beyond end of device
[ 3134.514542] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.516812] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3134.558975] loop1: detected capacity change from 0 to 40
[ 3134.563088] syz-executor.6: attempt to access beyond end of device
[ 3134.563088] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.564750] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3134.618117] syz-executor.0: attempt to access beyond end of device
[ 3134.618117] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3134.619836] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:09:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3134.799565] loop7: detected capacity change from 0 to 40
04:09:42 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3153.658985] loop3: detected capacity change from 0 to 40
[ 3153.671252] loop4: detected capacity change from 0 to 40
[ 3153.674264] loop2: detected capacity change from 0 to 40
[ 3153.696332] loop1: detected capacity change from 0 to 40
[ 3153.700689] loop0: detected capacity change from 0 to 40
[ 3153.703172] loop6: detected capacity change from 0 to 40
[ 3153.707131] loop7: detected capacity change from 0 to 40
04:09:42 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:09:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:42 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:42 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xec, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x48, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xa4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3153.840790] bio_check_eod: 5 callbacks suppressed
[ 3153.840814] syz-executor.3: attempt to access beyond end of device
[ 3153.840814] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.843441] buffer_io_error: 5 callbacks suppressed
[ 3153.843456] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3153.853096] syz-executor.2: attempt to access beyond end of device
[ 3153.853096] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.854877] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3153.863037] syz-executor.7: attempt to access beyond end of device
[ 3153.863037] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.864786] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3153.884766] syz-executor.0: attempt to access beyond end of device
[ 3153.884766] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.886569] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3153.887234] syz-executor.6: attempt to access beyond end of device
[ 3153.887234] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.889485] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3153.892655] syz-executor.4: attempt to access beyond end of device
[ 3153.892655] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.894328] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3153.901997] syz-executor.1: attempt to access beyond end of device
[ 3153.901997] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3153.903749] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:09:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:42 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:42 executing program 1:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a"}, 0x9d, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:09:42 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xa4, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3154.098551] loop3: detected capacity change from 0 to 40
[ 3154.109639] loop7: detected capacity change from 0 to 40
[ 3154.153273] loop2: detected capacity change from 0 to 40
[ 3154.157251] loop0: detected capacity change from 0 to 40
[ 3154.223010] loop6: detected capacity change from 0 to 40
[ 3154.244204] loop4: detected capacity change from 0 to 40
[ 3154.256588] syz-executor.7: attempt to access beyond end of device
[ 3154.256588] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3154.258828] Buffer I/O error on dev loop7, logical block 10, lost async page write
04:09:42 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3154.303641] syz-executor.2: attempt to access beyond end of device
[ 3154.303641] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3154.305437] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3154.343726] syz-executor.3: attempt to access beyond end of device
[ 3154.343726] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3154.345549] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3154.378827] loop1: detected capacity change from 0 to 40
04:09:42 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3154.549271] loop7: detected capacity change from 0 to 40
04:09:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:58 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3169.757568] loop1: detected capacity change from 0 to 40
04:09:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xc8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:09:58 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:09:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3169.762857] loop3: detected capacity change from 0 to 40
[ 3169.765261] loop2: detected capacity change from 0 to 40
[ 3169.800208] loop6: detected capacity change from 0 to 40
[ 3169.811212] loop7: detected capacity change from 0 to 40
[ 3169.830446] loop0: detected capacity change from 0 to 40
[ 3169.838953] bio_check_eod: 5 callbacks suppressed
[ 3169.838963] syz-executor.2: attempt to access beyond end of device
[ 3169.838963] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3169.840564] buffer_io_error: 5 callbacks suppressed
[ 3169.840572] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3169.847547] loop4: detected capacity change from 0 to 40
[ 3169.866745] syz-executor.3: attempt to access beyond end of device
[ 3169.866745] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3169.867722] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3169.879871] syz-executor.3: attempt to access beyond end of device
[ 3169.879871] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3169.880917] Buffer I/O error on dev loop3, logical block 10, lost async page write
04:09:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3169.929959] syz-executor.1: attempt to access beyond end of device
[ 3169.929959] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3169.931662] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3169.937616] syz-executor.0: attempt to access beyond end of device
[ 3169.937616] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3169.938665] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:09:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3170.002881] syz-executor.7: attempt to access beyond end of device
[ 3170.002881] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3170.004570] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3170.024645] syz-executor.6: attempt to access beyond end of device
[ 3170.024645] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3170.026438] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:09:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:09:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3170.053026] loop2: detected capacity change from 0 to 40
[ 3170.064942] syz-executor.4: attempt to access beyond end of device
[ 3170.064942] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3170.066678] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3170.068522] loop0: detected capacity change from 0 to 40
[ 3170.091470] loop3: detected capacity change from 0 to 40
04:09:58 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3170.131619] loop1: detected capacity change from 0 to 40
[ 3170.153739] syz-executor.0: attempt to access beyond end of device
[ 3170.153739] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3170.154706] Buffer I/O error on dev loop0, logical block 10, lost async page write
04:09:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3170.181497] syz-executor.3: attempt to access beyond end of device
[ 3170.181497] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3170.182491] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3170.211375] loop7: detected capacity change from 0 to 40
04:09:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3170.238969] loop6: detected capacity change from 0 to 40
04:09:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3170.269138] loop4: detected capacity change from 0 to 40
04:09:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

[ 3170.333784] loop3: detected capacity change from 0 to 40
[ 3170.381484] loop2: detected capacity change from 0 to 40
04:10:11 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:10:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

04:10:11 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:11 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:11 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3183.142384] loop2: detected capacity change from 0 to 40
[ 3183.143698] loop1: detected capacity change from 0 to 40
[ 3183.150187] loop0: detected capacity change from 0 to 40
[ 3183.169730] loop6: detected capacity change from 0 to 40
[ 3183.175347] loop7: detected capacity change from 0 to 40
[ 3183.196429] bio_check_eod: 9 callbacks suppressed
[ 3183.196441] syz-executor.1: attempt to access beyond end of device
[ 3183.196441] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.197817] buffer_io_error: 9 callbacks suppressed
[ 3183.197825] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3183.207780] loop4: detected capacity change from 0 to 40
[ 3183.212732] loop3: detected capacity change from 0 to 40
04:10:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3183.321109] syz-executor.6: attempt to access beyond end of device
[ 3183.321109] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.322110] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 3183.365992] syz-executor.2: attempt to access beyond end of device
[ 3183.365992] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.368025] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3183.381158] syz-executor.0: attempt to access beyond end of device
[ 3183.381158] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.383426] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3183.399132] syz-executor.3: attempt to access beyond end of device
[ 3183.399132] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.400078] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3183.413645] syz-executor.7: attempt to access beyond end of device
[ 3183.413645] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.415694] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3183.430788] syz-executor.4: attempt to access beyond end of device
[ 3183.430788] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.433170] Buffer I/O error on dev loop4, logical block 10, lost async page write
04:10:11 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

04:10:11 executing program 4:
r0 = msgget(0x3, 0x0)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x0, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)

[ 3183.567964] loop6: detected capacity change from 0 to 40
04:10:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3183.639933] loop2: detected capacity change from 0 to 40
04:10:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x0, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3183.672947] loop7: detected capacity change from 0 to 40
[ 3183.756531] loop3: detected capacity change from 0 to 40
[ 3183.784859] loop0: detected capacity change from 0 to 40
[ 3183.853689] syz-executor.7: attempt to access beyond end of device
[ 3183.853689] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.855463] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3183.871644] syz-executor.3: attempt to access beyond end of device
[ 3183.871644] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.873749] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3183.880246] syz-executor.6: attempt to access beyond end of device
[ 3183.880246] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3183.882435] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:10:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:12 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:10:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x0, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

04:10:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3184.118875] loop3: detected capacity change from 0 to 40
04:10:12 executing program 6:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:10:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3184.234455] loop4: detected capacity change from 0 to 40
[ 3184.280201] loop0: detected capacity change from 0 to 40
[ 3184.303742] loop2: detected capacity change from 0 to 40
[ 3184.334197] loop7: detected capacity change from 0 to 40
04:10:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3184.740347] loop4: detected capacity change from 0 to 40
[ 3184.770740] loop0: detected capacity change from 0 to 40
[ 3206.594722] loop3: detected capacity change from 0 to 40
[ 3206.596475] loop0: detected capacity change from 0 to 40
04:10:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x0, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

04:10:34 executing program 6:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:10:34 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000300), 0x4, 0x0)

04:10:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
[ 3206.601426] loop4: detected capacity change from 0 to 40
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:35 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:35 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

[ 3206.619391] loop1: detected capacity change from 0 to 40
[ 3206.629522] loop2: detected capacity change from 0 to 40
[ 3206.634621] loop7: detected capacity change from 0 to 40
[ 3206.764584] bio_check_eod: 5 callbacks suppressed
[ 3206.764605] buffer_io_error: 5 callbacks suppressed
[ 3206.764608] syz-executor.7: attempt to access beyond end of device
[ 3206.764608] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3206.764625] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3206.769116] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3206.783847] syz-executor.0: attempt to access beyond end of device
[ 3206.783847] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3206.785573] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3206.788811] syz-executor.2: attempt to access beyond end of device
[ 3206.788811] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3206.789637] syz-executor.4: attempt to access beyond end of device
[ 3206.789637] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3206.790586] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3206.791855] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3206.822863] syz-executor.1: attempt to access beyond end of device
[ 3206.822863] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3206.824596] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:10:48 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
r4 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r4})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:10:48 executing program 6:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

[ 3220.134785] loop0: detected capacity change from 0 to 40
04:10:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x4, 0x0)

04:10:48 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:10:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:10:48 executing program 4:
r0 = msgget(0x3, 0x0)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x0, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)

04:10:48 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3220.153550] loop1: detected capacity change from 0 to 40
[ 3220.180739] loop2: detected capacity change from 0 to 40
[ 3220.197747] syz-executor.0: attempt to access beyond end of device
[ 3220.197747] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.198682] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3220.213434] loop3: detected capacity change from 0 to 40
[ 3220.219048] syz-executor.1: attempt to access beyond end of device
[ 3220.219048] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.220092] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3220.228632] loop7: detected capacity change from 0 to 40
04:10:48 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x0, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3220.277178] syz-executor.2: attempt to access beyond end of device
[ 3220.277178] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.278153] Buffer I/O error on dev loop2, logical block 10, lost async page write
04:10:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3220.313500] loop4: detected capacity change from 0 to 40
04:10:48 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3220.357813] loop0: detected capacity change from 0 to 40
[ 3220.382739] loop1: detected capacity change from 0 to 40
[ 3220.382729] syz-executor.7: attempt to access beyond end of device
[ 3220.382729] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.385106] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3220.390809] syz-executor.4: attempt to access beyond end of device
[ 3220.390809] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.391021] syz-executor.3: attempt to access beyond end of device
[ 3220.391021] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.391874] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3220.393550] Buffer I/O error on dev loop3, logical block 10, lost async page write
04:10:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)

[ 3220.425720] syz-executor.4: attempt to access beyond end of device
[ 3220.425720] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.426683] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3220.428049] syz-executor.0: attempt to access beyond end of device
[ 3220.428049] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.428982] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3220.462869] syz-executor.1: attempt to access beyond end of device
[ 3220.462869] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.463856] Buffer I/O error on dev loop1, logical block 10, lost async page write
04:10:48 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3220.503433] loop2: detected capacity change from 0 to 40
[ 3220.537837] loop7: detected capacity change from 0 to 40
[ 3220.560811] syz-executor.2: attempt to access beyond end of device
[ 3220.560811] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3220.561761] Buffer I/O error on dev loop2, logical block 10, lost async page write
04:11:05 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:05 executing program 6:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, 0x0)
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:11:05 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
r4 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r4})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:11:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3237.296267] loop1: detected capacity change from 0 to 40
04:11:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)

04:11:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3237.315430] loop4: detected capacity change from 0 to 40
[ 3237.339749] bio_check_eod: 1 callbacks suppressed
[ 3237.339760] syz-executor.1: attempt to access beyond end of device
[ 3237.339760] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.340164] loop2: detected capacity change from 0 to 40
[ 3237.341121] buffer_io_error: 1 callbacks suppressed
[ 3237.341128] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3237.342242] loop7: detected capacity change from 0 to 40
[ 3237.344841] loop0: detected capacity change from 0 to 40
[ 3237.345926] loop3: detected capacity change from 0 to 40
04:11:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3237.443957] syz-executor.0: attempt to access beyond end of device
[ 3237.443957] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.444949] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3237.485551] syz-executor.3: attempt to access beyond end of device
[ 3237.485551] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.486526] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3237.512657] syz-executor.2: attempt to access beyond end of device
[ 3237.512657] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.513761] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3237.514266] syz-executor.4: attempt to access beyond end of device
[ 3237.514266] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.515248] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3237.520004] syz-executor.7: attempt to access beyond end of device
[ 3237.520004] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.521896] Buffer I/O error on dev loop7, logical block 10, lost async page write
04:11:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:11:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)

[ 3237.629678] loop0: detected capacity change from 0 to 40
[ 3237.656665] loop3: detected capacity change from 0 to 40
[ 3237.691587] loop7: detected capacity change from 0 to 40
[ 3237.701931] loop2: detected capacity change from 0 to 40
[ 3237.705101] loop4: detected capacity change from 0 to 40
[ 3237.782472] syz-executor.0: attempt to access beyond end of device
[ 3237.782472] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.783590] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3237.809708] syz-executor.3: attempt to access beyond end of device
[ 3237.809708] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.811600] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3237.838200] syz-executor.2: attempt to access beyond end of device
[ 3237.838200] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.839463] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3237.859602] syz-executor.7: attempt to access beyond end of device
[ 3237.859602] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3237.860745] Buffer I/O error on dev loop7, logical block 10, lost async page write
04:11:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:11:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x0, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3237.970446] loop0: detected capacity change from 0 to 40
[ 3237.997439] loop3: detected capacity change from 0 to 40
04:11:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3238.067307] loop7: detected capacity change from 0 to 40
04:11:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:11:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r1, r0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3251.666147] loop6: detected capacity change from 0 to 40
04:11:20 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
getegid()
r4 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x140, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r4})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:11:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x0, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(0xffffffffffffffff, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3251.683472] loop2: detected capacity change from 0 to 40
[ 3251.692027] loop4: detected capacity change from 0 to 40
[ 3251.734654] loop7: detected capacity change from 0 to 40
[ 3251.736879] loop3: detected capacity change from 0 to 40
[ 3251.741926] loop0: detected capacity change from 0 to 40
[ 3251.744906] loop1: detected capacity change from 0 to 40
[ 3251.747491] bio_check_eod: 4 callbacks suppressed
[ 3251.747501] syz-executor.2: attempt to access beyond end of device
[ 3251.747501] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.748874] buffer_io_error: 4 callbacks suppressed
[ 3251.748882] Buffer I/O error on dev loop2, logical block 10, lost async page write
04:11:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3251.810819] loop6: detected capacity change from 0 to 40
[ 3251.820152] syz-executor.4: attempt to access beyond end of device
[ 3251.820152] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.821118] Buffer I/O error on dev loop4, logical block 10, lost async page write
04:11:20 executing program 2:
r0 = msgget(0x3, 0x0)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)

[ 3251.896204] syz-executor.7: attempt to access beyond end of device
[ 3251.896204] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.897235] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3251.904471] syz-executor.1: attempt to access beyond end of device
[ 3251.904471] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.905265] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3251.909635] syz-executor.3: attempt to access beyond end of device
[ 3251.909635] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.911581] Buffer I/O error on dev loop3, logical block 10, lost async page write
04:11:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3251.968739] syz-executor.0: attempt to access beyond end of device
[ 3251.968739] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.970724] Buffer I/O error on dev loop0, logical block 10, lost async page write
[ 3251.971403] syz-executor.6: attempt to access beyond end of device
[ 3251.971403] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3251.973467] Buffer I/O error on dev loop6, logical block 10, lost async page write
04:11:20 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x0, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3252.057659] loop4: detected capacity change from 0 to 40
04:11:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:11:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x0, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

[ 3252.169528] loop3: detected capacity change from 0 to 40
[ 3252.176650] loop7: detected capacity change from 0 to 40
[ 3252.178819] loop1: detected capacity change from 0 to 40
[ 3252.206459] loop2: detected capacity change from 0 to 40
04:11:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x80052, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3252.281413] loop0: detected capacity change from 0 to 40
[ 3252.334910] syz-executor.3: attempt to access beyond end of device
[ 3252.334910] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3252.336620] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3252.364724] syz-executor.1: attempt to access beyond end of device
[ 3252.364724] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3252.366571] Buffer I/O error on dev loop1, logical block 10, lost async page write
[ 3252.380057] syz-executor.7: attempt to access beyond end of device
[ 3252.380057] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3252.381919] Buffer I/O error on dev loop7, logical block 10, lost async page write
04:11:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fcntl$dupfd(r3, 0x0, r4)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r2, r4, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x100, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x81, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x5}, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendfile(r1, 0xffffffffffffffff, 0x0, 0x1)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xf8, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x44, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xa2}]}, @CTA_NAT_DST={0x5c, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:11:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

04:11:21 executing program 5:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x2, 0xee01, 0xee00, 0xee00, 0xffffffffffffffff, 0x80, 0x8}, 0x0, 0x0, 0x1ff, 0x74, 0x7, 0x2, 0x6, 0x3ff, 0x3, 0x0, 0x0, 0xffffffffffffffff})
msgsnd(0x0, &(0x7f0000000080)={0x1, "c54957401a68c990e95fe1a33788c3363b2eeb73af78d8d7627f79e6eb460f5028aa95548d2b0512181bf97544a26bb340e2856ff05f536620ea8233d4e8a961284dd2c00d4e37c947b630e7c2362e0559b10cb1bb6a0369163ca947bd793cca2d"}, 0x69, 0x800)
r0 = msgget(0x3, 0x440)
msgrcv(r0, &(0x7f0000000100)={0x0, ""/50}, 0x3a, 0x3, 0x3000)
r1 = msgget(0x1, 0x144)
msgctl$IPC_RMID(r1, 0x0)
msgrcv(r0, &(0x7f0000000140)={0x0, ""/9}, 0x11, 0x3, 0x7000)
r2 = msgget(0x0, 0x10)
msgget(0x2, 0x408)
r3 = msgget(0x3, 0x240)
msgsnd(r3, &(0x7f0000000180)={0x0, "2be0aa3a933a14ba28d80d6f63703fee2cec5d11f70a277d48b8b9f6a770f8a697ace6d4f4565dfbacf1bb7d7af8ba634e7c45231b8e7939681f0808c0c40e8c2cee25ebfb19fd5cb35f094a2af1fbbfeb3e2d5f5e209ce98380b22a5977d7e1b21937f5921e50ffb328831dfd47e7b97143e5541c286dc76b23805788c2beae85fb5c8aacd3425533382827816c251bb908ae1b6a25093409"}, 0xa1, 0x0)
msgrcv(r2, &(0x7f0000000240)={0x0, ""/52}, 0x3c, 0x3, 0x3000)
msgrcv(r1, &(0x7f0000000280)={0x0, ""/208}, 0xd8, 0x0, 0x1000)
msgrcv(r3, &(0x7f0000000380)={0x0, ""/109}, 0x75, 0x2, 0x3000)
msgsnd(r0, &(0x7f0000000400)={0x1, "deff7d8e46667c9c9e3c7478940e7c02e254386e64e8c129f16c72d9c3e2e88122c23bdbb98e8771"}, 0x30, 0x800)
r4 = getegid()
r5 = fcntl$getown(0xffffffffffffffff, 0x9)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000440)={{0x1, 0xffffffffffffffff, 0xee01, 0x0, r4, 0x0, 0x1000}, 0x0, 0x0, 0xff, 0x6, 0x5, 0xbe2, 0x7, 0x171b, 0xf9, 0x8, r5})
msgget$private(0x0, 0x81)
msgget$private(0x0, 0x404)

04:11:21 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r1, r0, 0x0, 0xfffffdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)

04:11:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf<D-\a\xf6\x15\xc1]\xc8\x85\xee\xe5\x1e\x0e\xda\x18\xd4^\xe7\x048\x9fN\xf2\xbaI\\\xc2\xa5\xf4\xe2L\xa9{=\xcd\xcf\xff\xb3\x83\x9d/\x00'/162, 0x0, 0xffffffffffffffff)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
sendfile(r2, r0, 0x0, 0xfffffdef)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000003c0)={0x5, 0x7ff, 0x4})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0x6c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_SEQ_ADJ_ORIG={0x4c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xe2ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x35b7}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x6c}}, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x2, 0x20, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x40400, 0x3, 0x7ee, 0x4, 0x5, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x400}, 0x0, 0x6, r1, 0x3)

[ 3252.664755] loop0: detected capacity change from 0 to 40
[ 3252.701037] loop7: detected capacity change from 0 to 40
[ 3252.714381] loop3: detected capacity change from 0 to 40
[ 3252.761747] loop1: detected capacity change from 0 to 40
[ 3252.855761] loop2: detected capacity change from 0 to 40
[ 3253.994565] ==================================================================
[ 3253.995514] BUG: KASAN: use-after-free in __lock_acquire+0x42c9/0x5e80
[ 3253.996334] Read of size 8 at addr ffff8880169503a8 by task syz-executor/16703
[ 3253.997219] 
[ 3253.997433] CPU: 1 PID: 16703 Comm: syz-executor Not tainted 6.1.0-rc3-next-20221101 #1
[ 3253.998376] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3253.999345] Call Trace:
[ 3253.999665]  <TASK>
[ 3253.999966]  dump_stack_lvl+0x8b/0xc3
[ 3254.000452]  print_report+0x175/0x478
[ 3254.000928]  ? __lock_acquire+0x42c9/0x5e80
[ 3254.001470]  kasan_report+0xbb/0x1d0
[ 3254.001951]  ? __lock_acquire+0x42c9/0x5e80
[ 3254.002501]  __lock_acquire+0x42c9/0x5e80
[ 3254.003029]  ? mark_lock.part.0+0x0/0x2f80
[ 3254.003574]  ? finish_task_switch.isra.0+0x22d/0x8b0
[ 3254.004212]  ? __lock_acquire+0x0/0x5e80
[ 3254.004722]  ? __switch_to+0x5bf/0xf30
[ 3254.005224]  lock_acquire+0x1a2/0x540
[ 3254.005716]  ? kmemleak_scan+0x1a0/0x1610
[ 3254.009810]  ? lock_acquire+0x0/0x540
[ 3254.010303]  ? __call_rcu_common.constprop.0+0x589/0xa50
[ 3254.010967]  ? __call_rcu_common.constprop.0+0x589/0xa50
[ 3254.011628]  ? lockdep_hardirqs_on+0x79/0x110
[ 3254.012208]  ? _raw_spin_lock_irq+0x41/0x60
[ 3254.012755]  _raw_spin_lock_irq+0x32/0x60
[ 3254.013269]  ? kmemleak_scan+0x1a0/0x1610
[ 3254.013775]  kmemleak_scan+0x1a0/0x1610
[ 3254.014275]  ? kmemleak_scan+0x0/0x1610
[ 3254.014765]  ? strncpy_from_user+0x204/0x3f0
[ 3254.015314]  kmemleak_write+0x570/0x690
[ 3254.015799]  ? kmemleak_write+0x0/0x690
[ 3254.016296]  ? debugfs_file_get+0x1ce/0x460
[ 3254.016817]  ? debugfs_file_get+0x0/0x460
[ 3254.017331]  full_proxy_write+0x11d/0x1a0
[ 3254.017837]  vfs_write+0x2cb/0xda0
[ 3254.018302]  ? full_proxy_write+0x0/0x1a0
[ 3254.018809]  ? vfs_write+0x0/0xda0
[ 3254.019266]  ? lock_release+0x3b2/0x760
[ 3254.019769]  ? __up_read+0x192/0x740
[ 3254.020254]  ? handle_mm_fault+0x696/0x970
[ 3254.020784]  ? __up_read+0x0/0x740
[ 3254.021236]  ? __fget_light+0x212/0x290
[ 3254.021755]  ksys_write+0x127/0x260
[ 3254.022220]  ? ksys_write+0x0/0x260
[ 3254.022691]  ? syscall_enter_from_user_mode+0x1d/0x60
[ 3254.023330]  ? syscall_enter_from_user_mode+0x1d/0x60
[ 3254.023988]  do_syscall_64+0x3b/0xa0
[ 3254.024475]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 3254.025104] RIP: 0033:0x7f3fce0705c3
[ 3254.025565] Code: 16 00 00 00 eb ae 90 b8 6e 00 00 00 eb a6 e8 44 ef 04 00 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[ 3254.027667] RSP: 002b:00007ffd6c980828 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 3254.028569] RAX: ffffffffffffffda RBX: 00007ffd6c980e68 RCX: 00007f3fce0705c3
[ 3254.029406] RDX: 0000000000000004 RSI: 00007f3fce126ed9 RDI: 0000000000000003
[ 3254.030249] RBP: 0000000000000002 R08: 0000000000000cb5 R09: 00007ffd6c9ac080
[ 3254.031083] R10: 00007ffd6c9ac090 R11: 0000000000000246 R12: 00000000fffffff6
[ 3254.031932] R13: 00007ffd6c982ef1 R14: 0000000000000000 R15: 000000000031a4b7
[ 3254.032790]  </TASK>
[ 3254.033084] 
[ 3254.033298] Allocated by task 127:
[ 3254.033723]  kasan_save_stack+0x1e/0x50
[ 3254.034250]  kasan_set_track+0x21/0x40
[ 3254.034755]  __kasan_slab_alloc+0x58/0x80
[ 3254.035292]  kmem_cache_alloc+0x1a9/0x3f0
[ 3254.035809]  __create_object+0x3d/0xc10
[ 3254.036324]  kmem_cache_alloc+0x235/0x3f0
[ 3254.036845]  __alloc_file+0x21/0x250
[ 3254.037310]  alloc_empty_file+0x6d/0x180
[ 3254.037805]  path_openat+0xd4/0x29c0
[ 3254.038271]  do_filp_open+0x1b6/0x420
[ 3254.038747]  do_sys_openat2+0x171/0x4d0
[ 3254.039253]  __x64_sys_openat+0x13f/0x200
[ 3254.039769]  do_syscall_64+0x3b/0xa0
[ 3254.040257]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 3254.040899] 
[ 3254.041113] Freed by task 13:
[ 3254.041499]  kasan_save_stack+0x1e/0x50
[ 3254.042003]  kasan_set_track+0x21/0x40
[ 3254.042498]  kasan_save_free_info+0x2a/0x60
[ 3254.043047]  __kasan_slab_free+0x106/0x1a0
[ 3254.043581]  kmem_cache_free+0xf7/0x620
[ 3254.044094]  rcu_core+0x7e2/0x2090
[ 3254.044567]  __do_softirq+0x1c3/0x8f5
[ 3254.045073] 
[ 3254.045301] Last potentially related work creation:
[ 3254.045910]  kasan_save_stack+0x1e/0x50
[ 3254.046424]  __kasan_record_aux_stack+0x95/0xc0
[ 3254.047037]  __call_rcu_common.constprop.0+0x6a/0xa50
[ 3254.047694]  kmem_cache_free+0xbd/0x620
[ 3254.048216]  rcu_core+0x7e2/0x2090
[ 3254.048684]  __do_softirq+0x1c3/0x8f5
[ 3254.049188] 
[ 3254.049413] Second to last potentially related work creation:
[ 3254.050123]  kasan_save_stack+0x1e/0x50
[ 3254.050638]  __kasan_record_aux_stack+0x95/0xc0
[ 3254.051248]  __call_rcu_common.constprop.0+0x6a/0xa50
[ 3254.051922]  __kmem_cache_free+0x91/0x410
[ 3254.052466]  skb_release_data+0x6d8/0x820
[ 3254.052998]  consume_skb+0xc2/0x170
[ 3254.053479]  mac80211_hwsim_tx_frame+0x1f6/0x2b0
[ 3254.054093]  mac80211_hwsim_beacon_tx+0x562/0xac0
[ 3254.054717]  __iterate_interfaces+0x2d3/0x570
[ 3254.055307]  ieee80211_iterate_active_interfaces_atomic+0x70/0x190
[ 3254.056123]  mac80211_hwsim_beacon+0x101/0x210
[ 3254.056710]  __hrtimer_run_queues+0x541/0xb60
[ 3254.057285]  hrtimer_run_softirq+0x172/0x350
[ 3254.057858]  __do_softirq+0x1c3/0x8f5
[ 3254.058366] 
[ 3254.058590] The buggy address belongs to the object at ffff888016950390
[ 3254.058590]  which belongs to the cache kmemleak_object of size 240
[ 3254.060145] The buggy address is located 24 bytes inside of
[ 3254.060145]  240-byte region [ffff888016950390, ffff888016950480)
[ 3254.061551] 
[ 3254.061774] The buggy address belongs to the physical page:
[ 3254.062465] page:00000000b8de51ac refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16950
[ 3254.063602] anon flags: 0x100000000000200(slab|node=0|zone=1)
[ 3254.064366] raw: 0100000000000200 ffff888007c4f780 ffffea0000615740 dead000000000005
[ 3254.065334] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[ 3254.066296] page dumped because: kasan: bad access detected
[ 3254.066989] 
[ 3254.067207] Memory state around the buggy address:
[ 3254.067812]  ffff888016950280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3254.068716]  ffff888016950300: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 3254.069619] >ffff888016950380: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3254.070512]                                   ^
[ 3254.071102]  ffff888016950400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3254.072016]  ffff888016950480: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 3254.072903] ==================================================================
[ 3254.073801] Disabling lock debugging due to kernel taint

VM DIAGNOSIS:
04:11:22  Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=ffffffff81375f60 RCX=0000000000000000 RDX=1ffff1100843ef2f
RSI=ffffffff817b4ff9 RDI=ffff8880421f79e8 RBP=ffff8880421f79b8 RSP=ffff8880421f7918
R8 =ffffffff85cf0bd4 R9 =ffffffff85cf0bd8 R10=ffffed100843ef31 R11=ffff8880421f7960
R12=ffff8880421f79e8 R13=0000000000000000 R14=ffff888016500000 R15=0000000000000000
RIP=ffffffff81375f6a RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f8f463518c0 00000000 00000000
GS =0000 ffff88806d000000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe130939a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe1309398000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000563fc012a7f0 CR3=000000001e8d6000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff4ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffff00ffffffffffff0000000000
XMM02=3fc017d0d00000000000006b636f6c62 XMM03=000000000f00000000000037706f6f6c
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=ffffffffffff00000000000000000000
XMM06=00000000000065616124242f6867632f XMM07=00000000000000000000000000000000
XMM08=75253a75252f73252f7665642f007261 XMM09=00000000000000000000000000000000
XMM10=00000000200000000000000020000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82451491 RDI=ffffffff879a19e0 RBP=ffffffff879a19a0 RSP=ffff888042b2f248
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000036 R11=0000000000000001
R12=0000000000000036 R13=ffffffff879a19a0 R14=0000000000000010 R15=ffffffff82451480
RIP=ffffffff824514e9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555555bf9400 00000000 00000000
GS =0000 ffff88806d100000 00000000 00000000
LDT=0000 ffff888000000000 00000000 00000000
TR =0040 fffffe37c3791000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe37c378f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8f45a15344 CR3=00000000399bc000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff4ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=000000010000000e0000563fc0147310
XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973
XMM04=0030323134323039323d44455a494c41 XMM05=3d4d554e51455300313d5145534b5349
XMM06=706f6f6c2f7665642f3d454d414e5645 XMM07=5f4b534944006b636f6c623d4d455453
XMM08=49006d756e203c2069000a313a56000a XMM09=00000000000000000000000000000000
XMM10=00000000200000000000000020000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000