0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2643.330614] FAULT_INJECTION: forcing a failure.
[ 2643.330614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2643.332383] CPU: 0 PID: 12430 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2643.333777] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2643.334733] Call Trace:
[ 2643.335162]  <TASK>
[ 2643.335479]  dump_stack_lvl+0x8f/0xb7
[ 2643.335970]  should_fail_ex.cold+0x5/0xa
[ 2643.336477]  _copy_from_user+0x30/0x1f0
[ 2643.336985]  iovec_from_user+0x2b3/0x450
[ 2643.337649]  ? lock_release+0x3b6/0x750
[ 2643.338156]  __import_iovec+0x6b/0x690
[ 2643.338824]  import_iovec+0x87/0xb0
[ 2643.339306]  copy_msghdr_from_user+0xed/0x150
[ 2643.339863]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2643.340690]  ? find_held_lock+0x2c/0x110
[ 2643.341233]  ___sys_sendmsg+0xdd/0x1b0
[ 2643.341885]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2643.342485]  ? lock_release+0x3b6/0x750
[ 2643.343101]  ? __fget_files+0x24e/0x450
[ 2643.343639]  ? __pfx_lock_release+0x10/0x10
[ 2643.344187]  ? lock_release+0x3b6/0x750
[ 2643.344707]  ? ksys_write+0x218/0x260
[ 2643.345242]  ? __fget_files+0x270/0x450
[ 2643.345810]  ? __fget_light+0xe5/0x280
[ 2643.346359]  __sys_sendmsg+0xf7/0x1d0
[ 2643.346901]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2643.347523]  ? syscall_enter_from_user_mode+0x1c/0x50
[ 2643.348233]  ? perf_trace_preemptirq_template+0xa6/0x420
[ 2643.349030]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2643.349750]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2643.350476]  do_syscall_64+0x3f/0x90
[ 2643.351013]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2643.351737] RIP: 0033:0x7f999fa68b19
[ 2643.352244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2643.354661] RSP: 002b:00007f999cfde188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2643.355736] RAX: ffffffffffffffda RBX: 00007f999fb7bf60 RCX: 00007f999fa68b19
[ 2643.356739] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 2643.357696] RBP: 00007f999cfde1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2643.358659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2643.359658] R13: 00007ffe6cf032df R14: 00007f999cfde300 R15: 0000000000022000
[ 2643.360654]  </TASK>
[ 2643.364992] syz-executor.2: attempt to access beyond end of device
[ 2643.364992] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2643.367880] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:37:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 5)

[ 2643.506980] syz-executor.7: attempt to access beyond end of device
[ 2643.506980] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2643.509912] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2643.525794] loop4: detected capacity change from 0 to 40
21:37:30 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2643.627604] loop2: detected capacity change from 0 to 40
[ 2643.690801] FAULT_INJECTION: forcing a failure.
[ 2643.690801] name failslab, interval 1, probability 0, space 0, times 0
[ 2643.692686] CPU: 1 PID: 12434 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2643.693699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2643.694685] Call Trace:
[ 2643.695026]  <TASK>
[ 2643.695343]  dump_stack_lvl+0x8f/0xb7
[ 2643.695866]  should_fail_ex.cold+0x5/0xa
[ 2643.696409]  should_failslab+0x9/0x20
[ 2643.696923]  __kmem_cache_alloc_node+0x5b/0x400
[ 2643.697528]  ? iter_file_splice_write+0x169/0xcb0
[ 2643.698165]  ? iter_file_splice_write+0x169/0xcb0
[ 2643.698801]  __kmalloc+0x46/0xc0
[ 2643.699255]  iter_file_splice_write+0x169/0xcb0
[ 2643.699891]  ? generic_file_splice_read+0x1bc/0x4d0
[ 2643.700557]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2643.701251]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 2643.701971]  ? inode_security+0x105/0x140
[ 2643.702547]  ? security_file_permission+0xb5/0xe0
[ 2643.703204]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2643.703923]  direct_splice_actor+0x113/0x180
[ 2643.704531]  splice_direct_to_actor+0x33a/0x8c0
[ 2643.705157]  ? __pfx_direct_splice_actor+0x10/0x10
[ 2643.705826]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 2643.706525]  ? security_file_permission+0xb5/0xe0
[ 2643.707185]  do_splice_direct+0x1bc/0x290
[ 2643.707770]  ? __pfx_do_splice_direct+0x10/0x10
[ 2643.708419]  ? lock_is_held_type+0xdb/0x130
[ 2643.709003]  do_sendfile+0xb1d/0x1280
[ 2643.709538]  ? __pfx_do_sendfile+0x10/0x10
[ 2643.710129]  __x64_sys_sendfile64+0x248/0x2a0
[ 2643.710741]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 2643.711424]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2643.712100]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2643.712789]  do_syscall_64+0x3f/0x90
[ 2643.713299]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2643.713985] RIP: 0033:0x7f55ec4f1b19
[ 2643.714480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2643.717022] RSP: 002b:00007f55e9a67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2643.718052] RAX: ffffffffffffffda RBX: 00007f55ec604f60 RCX: 00007f55ec4f1b19
[ 2643.718971] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2643.719887] RBP: 00007f55e9a671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2643.720784] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 2643.721697] R13: 00007ffff83f85bf R14: 00007f55e9a67300 R15: 0000000000022000
[ 2643.722648]  </TASK>
[ 2643.878975] syz-executor.4: attempt to access beyond end of device
[ 2643.878975] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2643.880907] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:37:45 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 3)

21:37:45 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:37:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:37:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:37:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:37:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 6)

21:37:45 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000380)={0xffffffffffffffff, r0, 0x401})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

[ 2659.174074] loop3: detected capacity change from 0 to 40
[ 2659.178725] loop4: detected capacity change from 0 to 40
[ 2659.187132] FAT-fs (loop5): bogus number of reserved sectors
[ 2659.187681] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2659.189149] FAT-fs (loop3): invalid media value (0x00)
[ 2659.189612] FAT-fs (loop3): Can't find a valid FAT filesystem
21:37:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2659.201420] FAULT_INJECTION: forcing a failure.
[ 2659.201420] name failslab, interval 1, probability 0, space 0, times 0
[ 2659.201473] loop2: detected capacity change from 0 to 40
[ 2659.202155] CPU: 1 PID: 12455 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2659.202174] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2659.202184] Call Trace:
[ 2659.204111]  <TASK>
[ 2659.204270]  dump_stack_lvl+0x8f/0xb7
[ 2659.204547]  should_fail_ex.cold+0x5/0xa
[ 2659.204836]  ? __alloc_skb+0x21a/0x310
[ 2659.205111]  should_failslab+0x9/0x20
[ 2659.205374]  kmem_cache_alloc_node+0x5d/0x420
[ 2659.205704]  __alloc_skb+0x21a/0x310
[ 2659.205971]  netlink_sendmsg+0x9a2/0xe10
[ 2659.206267]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2659.206602]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2659.206934]  sock_sendmsg+0x158/0x190
[ 2659.207206]  ____sys_sendmsg+0x744/0x930
[ 2659.207516]  ? copy_msghdr_from_user+0xfc/0x150
[ 2659.207845]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2659.208176]  ? find_held_lock+0x2c/0x110
[ 2659.208470]  ___sys_sendmsg+0x110/0x1b0
[ 2659.208745]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2659.209061]  ? __fget_files+0x24e/0x450
[ 2659.209338]  ? __pfx_lock_release+0x10/0x10
[ 2659.209649]  ? lock_release+0x3b6/0x750
[ 2659.209929]  ? ksys_write+0x218/0x260
[ 2659.210207]  ? __fget_files+0x270/0x450
[ 2659.210492]  ? __fget_light+0xe5/0x280
[ 2659.210772]  __sys_sendmsg+0xf7/0x1d0
[ 2659.211047]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2659.211347]  ? syscall_enter_from_user_mode+0x1c/0x50
[ 2659.211716]  ? perf_trace_preemptirq_template+0xa6/0x420
[ 2659.212102]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2659.212452]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2659.212831]  do_syscall_64+0x3f/0x90
[ 2659.213108]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2659.213485] RIP: 0033:0x7f999fa68b19
[ 2659.213757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2659.215042] RSP: 002b:00007f999cfde188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2659.215580] RAX: ffffffffffffffda RBX: 00007f999fb7bf60 RCX: 00007f999fa68b19
[ 2659.216079] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 2659.216588] RBP: 00007f999cfde1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2659.217100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2659.217600] R13: 00007ffe6cf032df R14: 00007f999cfde300 R15: 0000000000022000
[ 2659.218114]  </TASK>
[ 2659.242227] loop7: detected capacity change from 0 to 40
21:37:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 4)

[ 2659.536643] syz-executor.4: attempt to access beyond end of device
[ 2659.536643] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2659.537794] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2659.555773] syz-executor.2: attempt to access beyond end of device
[ 2659.555773] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2659.556904] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:37:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 7)

21:37:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 5)

21:37:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2659.837024] syz-executor.7: attempt to access beyond end of device
[ 2659.837024] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2659.839259] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2659.847965] loop2: detected capacity change from 0 to 40
[ 2659.848952] loop4: detected capacity change from 0 to 40
[ 2660.015260] syz-executor.2: attempt to access beyond end of device
[ 2660.015260] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2660.016689] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:37:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 6)

21:37:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:37:46 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:37:46 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:37:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 8)

[ 2660.173172] FAT-fs (loop5): bogus number of reserved sectors
[ 2660.173681] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2660.217098] loop2: detected capacity change from 0 to 40
[ 2660.230362] loop3: detected capacity change from 0 to 40
[ 2660.261107] FAT-fs (loop3): invalid media value (0x00)
[ 2660.262162] FAT-fs (loop3): Can't find a valid FAT filesystem
21:37:46 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:37:46 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000480)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'})
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
llistxattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)=""/151, 0x97)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

[ 2660.357608] loop7: detected capacity change from 0 to 40
[ 2660.429791] syz-executor.4: attempt to access beyond end of device
[ 2660.429791] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2660.430857] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2660.591023] syz-executor.2: attempt to access beyond end of device
[ 2660.591023] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2660.592547] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2660.680633] syz-executor.7: attempt to access beyond end of device
[ 2660.680633] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2660.681701] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:38:04 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 7)

21:38:04 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
openat(r3, &(0x7f0000000380)='./file0\x00', 0x1, 0x160)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:04 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:04 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 9)

21:38:04 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:04 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:04 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2677.681988] loop3: detected capacity change from 0 to 40
[ 2677.688984] FAT-fs (loop3): invalid media value (0x00)
[ 2677.689934] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 2677.769657] loop7: detected capacity change from 0 to 40
[ 2677.774006] loop4: detected capacity change from 0 to 40
[ 2677.783233] loop2: detected capacity change from 0 to 40
[ 2677.788185] FAULT_INJECTION: forcing a failure.
[ 2677.788185] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2677.789708] CPU: 1 PID: 12513 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2677.790721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2677.791728] Call Trace:
[ 2677.792069]  <TASK>
[ 2677.792367]  dump_stack_lvl+0x8f/0xb7
[ 2677.792874]  should_fail_ex.cold+0x5/0xa
[ 2677.793399]  _copy_from_iter+0x477/0x1130
[ 2677.793953]  ? lock_is_held_type+0xdb/0x130
[ 2677.794507]  ? __pfx__copy_from_iter+0x10/0x10
[ 2677.795105]  ? memset+0x24/0x50
[ 2677.795565]  ? __build_skb_around+0x279/0x340
[ 2677.796164]  ? __virt_addr_valid+0x102/0x340
[ 2677.796767]  ? __check_object_size+0x384/0x700
[ 2677.797392]  netlink_sendmsg+0x876/0xe10
[ 2677.797960]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2677.798595]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2677.799218]  sock_sendmsg+0x158/0x190
[ 2677.799767]  ____sys_sendmsg+0x744/0x930
[ 2677.800329]  ? copy_msghdr_from_user+0xfc/0x150
[ 2677.800943]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2677.801572]  ? find_held_lock+0x2c/0x110
[ 2677.802131]  ___sys_sendmsg+0x110/0x1b0
[ 2677.802672]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2677.803272]  ? __fget_files+0x24e/0x450
[ 2677.803816]  ? __pfx_lock_release+0x10/0x10
[ 2677.804397]  ? lock_release+0x3b6/0x750
[ 2677.804936]  ? ksys_write+0x218/0x260
[ 2677.805465]  ? __fget_files+0x270/0x450
[ 2677.806000]  ? __fget_light+0xe5/0x280
[ 2677.806523]  __sys_sendmsg+0xf7/0x1d0
[ 2677.807034]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2677.807621]  ? syscall_enter_from_user_mode+0x1c/0x50
[ 2677.808320]  ? perf_trace_preemptirq_template+0xa6/0x420
[ 2677.809054]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2677.809741]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2677.810453]  do_syscall_64+0x3f/0x90
[ 2677.810971]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2677.811648] RIP: 0033:0x7f999fa68b19
[ 2677.812165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2677.814448] RSP: 002b:00007f999cfde188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2677.815430] RAX: ffffffffffffffda RBX: 00007f999fb7bf60 RCX: 00007f999fa68b19
[ 2677.816349] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 2677.817255] RBP: 00007f999cfde1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2677.818153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2677.819051] R13: 00007ffe6cf032df R14: 00007f999cfde300 R15: 0000000000022000
[ 2677.820022]  </TASK>
[ 2677.841412] FAT-fs (loop5): bogus number of reserved sectors
[ 2677.842205] FAT-fs (loop5): Can't find a valid FAT filesystem
21:38:04 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 8)

[ 2678.190651] syz-executor.7: attempt to access beyond end of device
[ 2678.190651] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2678.192591] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2678.220518] FAULT_INJECTION: forcing a failure.
[ 2678.220518] name failslab, interval 1, probability 0, space 0, times 0
[ 2678.222100] CPU: 0 PID: 12523 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2678.223191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2678.224501] Call Trace:
[ 2678.224861]  <TASK>
[ 2678.225171]  dump_stack_lvl+0x8f/0xb7
[ 2678.225738]  should_fail_ex.cold+0x5/0xa
[ 2678.226317]  should_failslab+0x9/0x20
[ 2678.226848]  __kmem_cache_alloc_node+0x5b/0x400
[ 2678.227504]  ? xfrm_policy_alloc+0x95/0x460
[ 2678.228128]  kmalloc_trace+0x26/0x60
[ 2678.228652]  xfrm_policy_alloc+0x95/0x460
[ 2678.229221]  xfrm_policy_construct+0x2f/0x5f0
[ 2678.229864]  xfrm_add_policy+0x27b/0x5d0
[ 2678.230299]  ? find_held_lock+0x2c/0x110
[ 2678.230867]  ? __pfx_xfrm_add_policy+0x10/0x10
[ 2678.231517]  ? security_capable+0x99/0xc0
[ 2678.232126]  ? __nla_parse+0x42/0x60
[ 2678.232664]  ? __pfx_xfrm_add_policy+0x10/0x10
[ 2678.233306]  xfrm_user_rcv_msg+0x418/0x830
[ 2678.233906]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 2678.234587]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2678.235356]  ? __pfx_lock_acquire+0x10/0x10
[ 2678.235957]  ? __pfx___lock_acquire+0x10/0x10
[ 2678.236593]  netlink_rcv_skb+0x15d/0x450
[ 2678.237153]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 2678.237806]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2678.238478]  ? __pfx_lock_release+0x10/0x10
[ 2678.239074]  ? netlink_deliver_tap+0x1b2/0xc30
[ 2678.239745]  xfrm_netlink_rcv+0x6f/0x90
[ 2678.240167]  netlink_unicast+0x552/0x800
[ 2678.240744]  ? __pfx_netlink_unicast+0x10/0x10
[ 2678.241380]  ? __virt_addr_valid+0x102/0x340
[ 2678.242010]  netlink_sendmsg+0x919/0xe10
[ 2678.242453]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2678.243100]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2678.243576]  sock_sendmsg+0x158/0x190
[ 2678.244108]  ____sys_sendmsg+0x744/0x930
[ 2678.244531]  ? copy_msghdr_from_user+0xfc/0x150
[ 2678.245153]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2678.245631]  ? find_held_lock+0x2c/0x110
[ 2678.246192]  ___sys_sendmsg+0x110/0x1b0
[ 2678.246606]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2678.247226]  ? __fget_files+0x24e/0x450
[ 2678.247638]  ? __pfx_lock_release+0x10/0x10
[ 2678.248238]  ? lock_release+0x3b6/0x750
[ 2678.248654]  ? ksys_write+0x218/0x260
[ 2678.249195]  ? __fget_files+0x270/0x450
[ 2678.249611]  ? __fget_light+0xe5/0x280
[ 2678.250153]  __sys_sendmsg+0xf7/0x1d0
[ 2678.250559]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2678.251158]  ? syscall_enter_from_user_mode+0x1c/0x50
[ 2678.251674]  ? perf_trace_preemptirq_template+0xa6/0x420
[ 2678.252425]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2678.252945]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2678.253641]  do_syscall_64+0x3f/0x90
[ 2678.254039]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2678.254746] RIP: 0033:0x7f999fa68b19
[ 2678.255133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2678.257469] RSP: 002b:00007f999cfde188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2678.258209] RAX: ffffffffffffffda RBX: 00007f999fb7bf60 RCX: 00007f999fa68b19
[ 2678.259131] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 2678.260086] RBP: 00007f999cfde1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2678.261031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2678.261979] R13: 00007ffe6cf032df R14: 00007f999cfde300 R15: 0000000000022000
[ 2678.262958]  </TASK>
21:38:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2678.376441] syz-executor.4: attempt to access beyond end of device
[ 2678.376441] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2678.378687] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2678.406046] syz-executor.2: attempt to access beyond end of device
[ 2678.406046] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2678.408533] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2678.458427] loop7: detected capacity change from 0 to 40
21:38:05 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 9)

21:38:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 10)

21:38:05 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:05 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
sendmsg$NL80211_CMD_DEL_MPATH(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x44, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x80, 0x73}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x80)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x8}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2678.692619] syz-executor.7: attempt to access beyond end of device
[ 2678.692619] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2678.694083] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2678.713277] loop3: detected capacity change from 0 to 40
[ 2678.734746] loop2: detected capacity change from 0 to 40
[ 2678.745657] FAT-fs (loop3): invalid media value (0x00)
[ 2678.746552] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 2678.823203] loop4: detected capacity change from 0 to 40
[ 2679.061756] syz-executor.2: attempt to access beyond end of device
[ 2679.061756] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2679.063793] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2679.085235] syz-executor.4: attempt to access beyond end of device
[ 2679.085235] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2679.088662] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:38:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2804}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x9, 0x30, r0, 0xeec6000)
r2 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file2\x00', 0x220040, 0x101)
write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[], 0x220)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x200, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, 0xffffffffffffffff)
r4 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r5 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
write$bt_hci(r4, 0x0, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x73, 0x0, 0xe7, 0x0, 0xff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x1000}, 0x0, 0x400010, 0xffffffffffffffff, 0x0)
sendfile(r2, r6, 0x0, 0xfffffded)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x86, 0x100080, 0x100000, {r2}}, 0x20)

21:38:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 10)

21:38:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 11)

21:38:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2695.862595] FAULT_INJECTION: forcing a failure.
[ 2695.862595] name failslab, interval 1, probability 0, space 0, times 0
[ 2695.864292] CPU: 1 PID: 12550 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2695.865336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2695.866369] Call Trace:
[ 2695.866708]  <TASK>
[ 2695.867019]  dump_stack_lvl+0x8f/0xb7
[ 2695.867557]  should_fail_ex.cold+0x5/0xa
[ 2695.868126]  ? __alloc_skb+0x21a/0x310
[ 2695.868651]  should_failslab+0x9/0x20
[ 2695.868997] loop3: detected capacity change from 0 to 40
[ 2695.869145]  kmem_cache_alloc_node+0x5d/0x420
[ 2695.870563]  __alloc_skb+0x21a/0x310
[ 2695.871086]  xfrm_send_policy_notify+0x4e2/0x1630
[ 2695.871767]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2695.872420]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[ 2695.873175]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[ 2695.873880]  km_policy_notify+0xb5/0x200
[ 2695.874470]  xfrm_add_policy+0x427/0x5d0
[ 2695.875052]  ? find_held_lock+0x2c/0x110
[ 2695.875597]  ? __pfx_xfrm_add_policy+0x10/0x10
[ 2695.876267]  ? __nla_parse+0x42/0x60
[ 2695.876795]  ? __pfx_xfrm_add_policy+0x10/0x10
[ 2695.877440]  xfrm_user_rcv_msg+0x418/0x830
[ 2695.878036]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 2695.878687]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2695.879429]  ? __pfx_lock_acquire+0x10/0x10
[ 2695.880042]  ? __pfx___lock_acquire+0x10/0x10
[ 2695.880659]  netlink_rcv_skb+0x15d/0x450
[ 2695.881233]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 2695.881872]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2695.882551]  ? __pfx_lock_release+0x10/0x10
[ 2695.883153]  ? netlink_deliver_tap+0x1b2/0xc30
[ 2695.883784]  xfrm_netlink_rcv+0x6f/0x90
[ 2695.884352]  netlink_unicast+0x552/0x800
[ 2695.884912]  ? __pfx_netlink_unicast+0x10/0x10
[ 2695.885537]  ? __virt_addr_valid+0x102/0x340
[ 2695.886159]  netlink_sendmsg+0x919/0xe10
[ 2695.886727]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2695.887357]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2695.887998]  sock_sendmsg+0x158/0x190
[ 2695.888513]  ____sys_sendmsg+0x744/0x930
[ 2695.889078]  ? copy_msghdr_from_user+0xfc/0x150
[ 2695.889684]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2695.890320]  ? find_held_lock+0x2c/0x110
[ 2695.890851]  ___sys_sendmsg+0x110/0x1b0
[ 2695.891402]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2695.892014]  ? __fget_files+0x24e/0x450
[ 2695.892549]  ? __pfx_lock_release+0x10/0x10
[ 2695.893138]  ? lock_release+0x3b6/0x750
[ 2695.893676]  ? ksys_write+0x218/0x260
[ 2695.894224]  ? __fget_files+0x270/0x450
[ 2695.894751]  ? __fget_light+0xe5/0x280
[ 2695.895292]  __sys_sendmsg+0xf7/0x1d0
[ 2695.895797]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2695.896405]  ? syscall_enter_from_user_mode+0x1c/0x50
[ 2695.897108]  ? perf_trace_preemptirq_template+0xa6/0x420
[ 2695.897841]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2695.898545]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2695.899233]  do_syscall_64+0x3f/0x90
[ 2695.899755]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2695.900460] RIP: 0033:0x7f999fa68b19
[ 2695.900969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2695.903330] RSP: 002b:00007f999cfde188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2695.904350] RAX: ffffffffffffffda RBX: 00007f999fb7bf60 RCX: 00007f999fa68b19
[ 2695.904968] loop4: detected capacity change from 0 to 40
[ 2695.905275] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 2695.907009] RBP: 00007f999cfde1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2695.907963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2695.908895] R13: 00007ffe6cf032df R14: 00007f999cfde300 R15: 0000000000022000
[ 2695.909874]  </TASK>
[ 2695.914571] FAT-fs (loop3): invalid media value (0x00)
[ 2695.915467] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 2695.935271] FAT-fs (loop5): bogus number of reserved sectors
[ 2695.936170] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2695.937804] loop2: detected capacity change from 0 to 40
[ 2695.938949] loop7: detected capacity change from 0 to 40
21:38:22 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x1)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f0000000380)={0xa99, 0xd50f, 0x5, 0x6, 0x6aa42e51, 0x8, 0xffffffff80000001, 0x200}, &(0x7f00000003c0)={0x0, 0x8000, 0x8, 0xa47, 0x2, 0xfffffffffffffff7, 0x10001, 0x1}, &(0x7f0000000400)={0x22, 0xfe, 0x0, 0x1, 0x3f, 0xa02e, 0x3, 0x28000}, &(0x7f0000000440)={0x0, 0x3938700}, &(0x7f00000004c0)={&(0x7f0000000480)={[0x8]}, 0x8})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

[ 2696.245737] syz-executor.7: attempt to access beyond end of device
[ 2696.245737] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2696.247924] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:38:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 11)

[ 2696.371811] syz-executor.4: attempt to access beyond end of device
[ 2696.371811] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2696.373809] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2696.439971] syz-executor.2: attempt to access beyond end of device
[ 2696.439971] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2696.441839] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:38:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 12)

21:38:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 12)

21:38:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2696.638245] loop7: detected capacity change from 0 to 40
[ 2696.773197] loop2: detected capacity change from 0 to 40
[ 2696.777868] loop4: detected capacity change from 0 to 40
21:38:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 13)

21:38:23 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2696.960862] syz-executor.7: attempt to access beyond end of device
[ 2696.960862] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2696.962840] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2697.015885] loop3: detected capacity change from 0 to 40
[ 2697.033659] FAT-fs (loop5): bogus number of reserved sectors
[ 2697.034588] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2697.036771] FAT-fs (loop3): invalid media value (0x00)
[ 2697.037356] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 2697.125599] syz-executor.2: attempt to access beyond end of device
[ 2697.125599] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2697.126999] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2697.151854] syz-executor.4: attempt to access beyond end of device
[ 2697.151854] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2697.153162] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2711.754207] loop2: detected capacity change from 0 to 40
[ 2711.755527] FAULT_INJECTION: forcing a failure.
[ 2711.755527] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2711.756577] CPU: 1 PID: 12602 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2711.757135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2711.757696] Call Trace:
[ 2711.757878]  <TASK>
[ 2711.758040]  dump_stack_lvl+0x8f/0xb7
[ 2711.758323]  should_fail_ex.cold+0x5/0xa
[ 2711.758612]  _copy_to_user+0x30/0x1c0
[ 2711.759140]  simple_read_from_buffer+0xd0/0x170
[ 2711.759536]  proc_fail_nth_read+0x19c/0x230
[ 2711.759947]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2711.760313]  ? security_file_permission+0xb5/0xe0
[ 2711.760685]  vfs_read+0x2e1/0x9f0
[ 2711.760940]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2711.761274]  ? __pfx_vfs_read+0x10/0x10
[ 2711.761568]  ? __fget_files+0x270/0x450
[ 2711.761863]  ksys_read+0x12b/0x260
[ 2711.762120]  ? __pfx_ksys_read+0x10/0x10
[ 2711.762419]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2711.762791]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2711.763161]  do_syscall_64+0x3f/0x90
[ 2711.763435]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2711.763811] RIP: 0033:0x7f999fa1b69c
[ 2711.764085] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2711.765366] RSP: 002b:00007f999cfde170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2711.765916] RAX: ffffffffffffffda RBX: 00000000000000b8 RCX: 00007f999fa1b69c
[ 2711.766420] RDX: 000000000000000f RSI: 00007f999cfde1e0 RDI: 0000000000000004
[ 2711.766473] loop5: detected capacity change from 0 to 40
[ 2711.766916] RBP: 00007f999cfde1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2711.768084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2711.768601] R13: 00007ffe6cf032df R14: 00007f999cfde300 R15: 0000000000022000
[ 2711.769135]  </TASK>
[ 2711.773656] loop7: detected capacity change from 0 to 40
21:38:38 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:38 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:38 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file2\x00'})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file2\x00', 0x8041, 0x2)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x40000, 0x7, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:38:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:38 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) (fail_nth: 14)

21:38:38 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 13)

21:38:38 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2711.785811] FAT-fs (loop5): bogus number of reserved sectors
[ 2711.786798] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2711.811640] loop4: detected capacity change from 0 to 40
[ 2711.827114] loop3: detected capacity change from 0 to 40
[ 2711.841099] FAULT_INJECTION: forcing a failure.
[ 2711.841099] name failslab, interval 1, probability 0, space 0, times 0
[ 2711.842241] CPU: 1 PID: 12601 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2711.842818] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2711.843391] Call Trace:
[ 2711.843581]  <TASK>
[ 2711.843749]  dump_stack_lvl+0x8f/0xb7
[ 2711.844045]  should_fail_ex.cold+0x5/0xa
[ 2711.844380]  should_failslab+0x9/0x20
[ 2711.844669]  __kmem_cache_alloc_node+0x5b/0x400
[ 2711.845013]  ? iter_file_splice_write+0x169/0xcb0
[ 2711.845395]  ? iter_file_splice_write+0x169/0xcb0
[ 2711.845751]  __kmalloc+0x46/0xc0
[ 2711.846001]  iter_file_splice_write+0x169/0xcb0
[ 2711.846340]  ? generic_file_splice_read+0x1bc/0x4d0
[ 2711.846698]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2711.847064]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 2711.847446]  ? inode_security+0x105/0x140
[ 2711.847762]  ? security_file_permission+0xb5/0xe0
[ 2711.848123]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2711.848508]  direct_splice_actor+0x113/0x180
[ 2711.848830]  splice_direct_to_actor+0x33a/0x8c0
[ 2711.849170]  ? __pfx_direct_splice_actor+0x10/0x10
[ 2711.849531]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 2711.849902]  ? security_file_permission+0xb5/0xe0
[ 2711.850264]  do_splice_direct+0x1bc/0x290
[ 2711.850567]  ? __pfx_do_splice_direct+0x10/0x10
[ 2711.850928]  ? lock_is_held_type+0xdb/0x130
[ 2711.851097] FAT-fs (loop3): bogus number of FAT sectors
[ 2711.851233]  do_sendfile+0xb1d/0x1280
[ 2711.852061] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 2711.852300]  ? __pfx_do_sendfile+0x10/0x10
[ 2711.852335]  __x64_sys_sendfile64+0x248/0x2a0
[ 2711.852363]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 2711.854147]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2711.854525]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2711.854891]  do_syscall_64+0x3f/0x90
[ 2711.855179]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2711.855545] RIP: 0033:0x7f55ec4f1b19
[ 2711.855817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2711.857033] RSP: 002b:00007f55e9a67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2711.857578] RAX: ffffffffffffffda RBX: 00007f55ec604f60 RCX: 00007f55ec4f1b19
[ 2711.858076] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2711.858577] RBP: 00007f55e9a671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2711.859089] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 2711.859601] R13: 00007ffff83f85bf R14: 00007f55e9a67300 R15: 0000000000022000
[ 2711.860143]  </TASK>
21:38:38 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:38:38 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:38:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 14)

[ 2712.416579] loop2: detected capacity change from 0 to 40
[ 2712.466808] syz-executor.4: attempt to access beyond end of device
[ 2712.466808] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2712.468916] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2712.750248] syz-executor.2: attempt to access beyond end of device
[ 2712.750248] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2712.752729] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:38:57 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:38:57 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file3\x00', 0x80900, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, 0x0, 0x0, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x4000010)
close(r0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff, 0x1}, 0x820, 0x7, 0x0, 0x0, 0x8, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x58f0d, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:38:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:38:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 15)

21:38:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2731.303903] loop5: detected capacity change from 0 to 40
[ 2731.308122] loop2: detected capacity change from 0 to 40
[ 2731.314903] FAT-fs (loop5): bogus number of reserved sectors
[ 2731.315680] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2731.349192] loop7: detected capacity change from 0 to 40
[ 2731.363032] loop4: detected capacity change from 0 to 40
[ 2731.375216] loop3: detected capacity change from 0 to 40
21:38:58 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x3, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2731.388897] FAT-fs (loop3): bogus number of FAT sectors
[ 2731.389862] FAT-fs (loop3): Can't find a valid FAT filesystem
21:38:58 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x4, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2731.696889] syz-executor.2: attempt to access beyond end of device
[ 2731.696889] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2731.698841] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2731.773217] syz-executor.4: attempt to access beyond end of device
[ 2731.773217] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2731.775782] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:38:58 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x6, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:38:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 16)

[ 2732.123899] loop4: detected capacity change from 0 to 40
[ 2732.250269] loop2: detected capacity change from 0 to 40
21:38:58 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:38:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2732.386881] syz-executor.4: attempt to access beyond end of device
[ 2732.386881] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2732.388883] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:38:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2732.512443] loop3: detected capacity change from 0 to 40
[ 2732.533835] FAT-fs (loop3): bogus number of FAT sectors
[ 2732.534640] FAT-fs (loop3): Can't find a valid FAT filesystem
21:38:59 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x9, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2732.556912] loop5: detected capacity change from 0 to 40
[ 2732.587788] FAT-fs (loop5): bogus number of reserved sectors
[ 2732.588733] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2732.598206] loop7: detected capacity change from 0 to 40
21:38:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r4, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:38:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2732.694082] syz-executor.2: attempt to access beyond end of device
[ 2732.694082] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2732.696011] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2732.796891] loop4: detected capacity change from 0 to 40
21:38:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 17)

21:38:59 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:38:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000380)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2004404, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5bfb64ff8800ffbef6111a4ba240ca33d4f312c23c980ad7e4d01fd28400d1f9b4595025acccbad7bf8e7555c88494f96ac6ede275c9cdf3b2779af"], 0xb8}}, 0x0)
dup(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x0, {r0}}, 0x20)

[ 2732.991237] loop2: detected capacity change from 0 to 40
21:38:59 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2733.310061] syz-executor.2: attempt to access beyond end of device
[ 2733.310061] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2733.312203] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2733.382955] syz-executor.4: attempt to access beyond end of device
[ 2733.382955] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2733.384627] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:39:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 18)

[ 2733.617427] loop2: detected capacity change from 0 to 40
[ 2733.813697] syz-executor.2: attempt to access beyond end of device
[ 2733.813697] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2733.815184] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:39:18 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:39:18 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:39:18 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000001400)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17, 0x4}, {0x0, 0x0, 0x800000000000007}, {&(0x7f0000001480)="0d685769b8a953b929b888300721b2215770e0a885341c1f697098f85fdbc3ab8d4016d82583998c578d75dabd600b2d8c97ac6da9ab209ff3108df1bd8826644529434f46caaf3fabe3f4ad246822b41691baf06547aef2d09fded35484cc32ccf3e9edae60087c06fe4cdc7c3fe42319f0ac7e3cb9661ab36a5b270e06c355e5f887b7c9c5905e3ce0ca814aeff4af4f4aa7f81582301c2c18d177c42d6d70b850564a93a217cb1dd09e30421bdf4df79218a3daf4272778963839be00a866f928a23c9dd87013422aec1c8c656d044332081f922017a5ece1cf721622830f7aaaad6cc97590255ba03b5356ea57e59a5ac191cd3ab8d16042e1854c97a538c4a4ccad603cedaa015011623a645fd3d2d9674479d8fb75ef66521fd25fd940b6388b1746797e66debf841470e532d3f21084d6e5be2d3cfe221d970bdc542df2fb11d0ea31ff60bbfd0a1b54ec28dc0c8cbf219c2b80ec738046abbde9ddc0f183a063f15c506b561e06502b797049fc1421ecff789ca9ea3cbe5a6e7cfb2d882145330022f316251791d8f022786939623d0e67bea5de5de29f3a602ce6d4f2f4ca3db2d38feaa3e7a0b9622c49428032b8092a49471599166ac5e0b98879c4185a71fcf9efbaac4026485900680485f8ead4a45ec86f94d4b1d3cb835e7acacf49db19cce0cef5e562de6e068495b334ceb90f07c4c1517f6abc01d43759e3c29bcfb1697f4ed3ba0ead32c78f8c8d212d16fdf7e85b8929adad41768cd983eb44d203765e88870928f95a214070f8647cd2e3896be1b905b035e84bc8b9bdd75c475076701e1fcba9501580149da40f18bafd4b18d690f954c22d5aa4bd64fecf317d255fcf58ec8eae0226a18714aaac58ec2163711d77757630d3fea5651b7d9184f8d7786d95caff7147a27fc61478d3a9dadf542253a428855dcc248ad8564d9c597c2d04c127c97eb072b08331a0ae325ff8f70d57fd3173529190f1730357e7fd9dcbe1cbe25eaecd67e882411f58bdd9762e9ed05917f51d564dfc0db0b39935bc044f5e56fbc2c033adc471c75f5e49e80de7c65c260bdb763de60a7f625b26d3e292f0afacd7e0222eebfb6576c4d891f8e40cf4ccaedb2e89b5305ecaee6e0b2b8675453912ae7acf0c8b0ad7f31b1b4a6a567b3f1cde30ba1ba5d0454773aec782f459061f403162147f6929810847d0610150f6e8bab8d84271bc79f6eaf61a26a25b8f278d2d7697cc424909799a4e36aa0c600ddc6658c09fc2f3d26b884231a18ce55c63a7f1b6eaf26350b234d69a8b2dd5dbc574957bd7e56204a83b9a522d6ef815ad3ad8b149faf2791c45f0ad4b6de4b25b7063342495910a82ca4e1513a729abe49c8da4125f03d084a788089f2651dba9faf00ac8741f7ab1f09b4530a949396d8690b0391b17723e1319e7ef99b728a99425a28eaf7932ed338cf4877fbf53551ef7709e13a9aba33c6cf8fdb58f656059e647456c626fb3933d380b554ecd16dfb381a0040229b7dd9f00374811bc7129449f566723a3d3e9102fcc35e945a173e4efea5ee04d0c350046ecb15adb56991425b04e1a9201561b8b6fae83bd774746fa6f87ba70df457f43d34f9c05b366b061db9f46bf680221585fa466824e4c5ebc3c72a57c3d4c4147e1d77431251c64c8123142d9c0d153a144dc4356ef6319a49492e2ae1d7ecb94a7ef9b52b96b9fd6817a7717d8ec9edc3bf9700b53e3850ee17d81b26ef3e7c58a89d8fcaa8902a922a4e4fba8fc141ed29f97987e29c104829b1df95a0512eeea582ea7059210680687b770ee6c18db0fb817679a5a1857423de1d92ae440e3f2b9f311e4e50f6a74f6fba7496f1d38db5c635dcd49dc27669e293be6e1310e92224a6b2363dcc031539d38e6bb2dfe57330bd1f01eedb666b5c66c8be0d0d68cf341c5bcdf5aee6e4cba0621efc7f1f598893afd85850f8a2612f223f93b28803b5d5eeb01fd76583a76287b0bccf4880d624b7f83733c6cb29261dbb36c78d39ec145b20868038c82ba182b04cf36a0e8f7b5638831e3313bb24b21913255f23ac4fe0ec8a58a610d89cca437a56def361729802f026b19ca84f1b2272348e99c074c72aba325d0d450ec3bb024895170e63ba39b3fec9b85f497307e96a04ba87a5d0d13a598e9e5a0c634f458405ce26ddce2de435962f900d4b6de196349f46a73d8fe8f3cecd34763a379fa538b1b64d7ae718a22c977c67f4fd277bd5e2c370d57bd53a49b8519da2b812761b7dc5cb8f1b31415dc49c5dc4bffa31c970e5bb56516c07c65e0e8b3a017d558564b4696e3b34ff90218f85d428de8c4a785fee994e3ccca7bec96c6856131467dce09733e9f839d7b5b632d061b0c043d9acad374c422c9a38f55664bebe338adbde462b997f852626ccfc64d2c4bbbe8fbc34d4f77ade1324bceb3a23c1da10475f83c4655c315121b7d6912237b79bd8c3cca903091de0a608aedf3d47f82ed501e5599d068df9775518d397cf80660c6a20c580863521dde5fb5688420db7c8efe6ac026b7392bcc93bd450089ff30f835264881b5c4d4da10d9c054bb555db9ffbe565d0c70ba6e86b6578b3e85dd63180f61b01aacc6ae736e7b63f0495cf6c5b63718c1d53fb87f73e03e7011bae683624a021c1a9d94bab34863dbb2d5af76f60f7e6d02b947b91398e0fbc711495d2a7bf31dc4effdc042cc60c5c3210ae2cb33700a3368a5287ca7b76fc369c7392cd71a5fb4f1199349e933196337496bbaf2617a887f69fce1471cc2702bee82a0421386679f1d73f0b5151d40547136c0d3d4863808443ef1acdd649ddd61d4e33d43cb1b4f8844f975df18048620d7bb4d036cfe909dc166a0604c5321af95d15e01d4f461518e7d9208b399ef577c059489ec958dd02980469ad91215408c0d3365b11946b49937f5eb6e78364722b5564aedcf8f59ccc300e49da4f16506716afa83dd450a5bc1667c1590f6c49fbcaaa19db632ba45a3ec12043cf2d654d2c9ddb1abbadf7fb468397fcdf428c265408e5c7f139e68709162c724a63f234ff59ebb5ad601aa5d8c933486e376200c9c0615e73cb67d0f14441d24f058183a888614a5b8828054fece19279fc5802be0ec303cfeb6f5de498c50b17293fed1d0b3dee069671d9cf91c7418bb72846653910d8880977bb67e9edac4c6525acaa4a09f02249e0ac453de24e26be7d51282c0e14676b2b54b1581e3559e50f44c806fcc108de6030c518498fa1105124e68575337613118dba9ddc49b94b2a5cb7d416a1ee05c84cbbd633cdd880d7cd262f67ac334c41dac5a70642c047211b2e6e829f82f1a46c09780678bf40fba9f42d2d91a529798943e5f82765799d0f7c40ef3bb94926fad280ced80caf04114f98116dd784d9dc4b4f138afc5294f0ae7f652315a247729c54cb724dea6fe7aac020f75c85cb702e9cb1812eafb8582bdb7b3db96af25f873058d791bb60e50534a5c545e37f560936ee0d40d2327ca2dfd06cdd0b86a3e42243f2561e9890e4f3eb69727237bb67df4e48662199c00597156fc8640da48164462fbcfa81e8d3baed307a84d1ab27cc3a28daaa513ad2ce275d25f09fc9f7e2ee51a9f090be6aefaf84b7a89c74a2814f4c4e893a55461eebef355d422cef1c71e180cca7379a0047a72621f4e30a922001a3f5cf1ba162e11ca4c79be928b7274eb4cdc2e5eb553e7b995f180e720e4d4883a89e019a117c73b6ce0142b9df1f971cdd39e6580b0a3818bbd12b648011f03c057fd757aab9a5d91118592af23696ff6e8dfa655d4c6e28a26e7780e62f1a889e517697430df5480241e1e7eff5c0ed789b730235a6de595db53120b77417f507089d82d05f51733deeb5d9a123bd4fcd08968588a7c1a6b3928fca00949e56485387ead0a998c98d2810849b17bc8fc832639066e5992b3034fef8c34695354e8e3a61450548c8928a1198095ea41522ad0f4995c1e748955e8452ccee058ad9edbdc998cda61b39726c0679d2db0366dfaf9e66e773e8bd08ba16ccb8be46b679518193f069e116de4a10fce046c01146e737bf774887c02c4d3146ec8123b4128aece826374a099fed26bb9dee58d4cd74970f54e286d85bcbe09628d8d24739f1ba7eace84dd0f89d01985dfa7103d2a606bf56ecf22afbddf02144f6ee2089ac58f7eccf5fdd1e77ff975ede5b744845a3b4e4b31ec18b85d7d0175b3a7a7807b3e1615017705897b1ff8f70c709284825943e26e65d0a2a04ed3c101fe4cdb715fabbbd63ee363ee49582e288b63ffe580bd8062e94fd46ad461c465c38205e3f0b949ef42d8fcc3f419ad8509633836f170a4b3c47f8934876169f8657af5fef1a029ee2cf3932a6a6bf3424137ad2b1a502302852e4da3b54c238fc9d36d536a3c6bfe7e6518a2e5cec75a8d89f4d1c6ed47aeec2c1f6065b15bae1215c19a56f0cad49278a14302fa88681c4728d6a9c7ceddfe68e327e65f7dc77933a039382fe8a3fd8f53ae85277b995898ed3f1f215d31a32b4033f21aa01e0301f7418e7dbfbb48e042485277ff9c4a11665018763862e67db90764cefd276f985e26710389b7120043564f76734387460d012ce198a0bf8abbd27d3efcb8636e07ff2df4a1747fea6252c3b842b8e9ddf33145258e45fd265b71503a00b70da3cc731560110086076d536930709bef7bb2283d5d9fdfca95ea073a3699fef5923b653ce788d891afdc2347c23566c9efe34e886eba952855ef3434b45058c779b65b35b3dcbbd40637965430142013f00c74c1c3ce1f01ce54a4d64f211b42713009221b79d1d78e45a0f550f3aed9e20a5bf7746553297abecd11e3523606f723c2628429817524284bc41410b434732c86a8af6e73748831c079110ce601eeb0077e26c06e9f88cc4f01f787a2337275723903063cbd0db457b61b893bdd73c035d37cebd9fbe55024c143b48b7346e1cf1bc02cf63ccfbf4db8dc0497b62662b4ecfb6675b0495ad5575ce50cf58ece73f49cc3c3243cc96566132724c083a282b0121a8b17e5a655e63e1fb8fc92fd08c16091fe193f65eb54dee3184370f7f03f535f17e55411090032420a907a1595a91e55eda933502bf609c333b3a46042fa4345f9788b43388c62dcdcbcc65e3718b615c60ba9710bf81996d7a218d3fc2d0bb310f7fd9249be84d42b7e7ba8217ac6ce3d5060c3cc015f485829cfe1fbfb21639146bda528390525936eb3223d128686aeb0c2c7de97e8a4da88a2c797c214adedd88c2b168e416b9a70f5bf77f4c6d5ac9abee831005ca699b7f40ccc6303d798b55f50b7513f83a682054969fca159e941df0c37843f0a2dbe148019fe03642986907d457433765c30a36582d5492c0aa0f07c4deff87be90eeccf5df0b4570ca467851cdc66af713627d4baf9e9750109d0ed0a23e3658e505ab96e0b4b18a4fe5d95b462c7216a5f507123d2d7f41ea1a1268e48fceaa6789879428a4b93d4d70c8614e439c1ac10a6d6a6678889421fd4fc93738c1aea7f883a73972ab69bce79fcdb3b69b585535441105acceb7ea6e205cd7f5882c9bebae1e408029f5fed2d840a8e37c612480c1d6a69b5b68ce636f1d9dc895eec0c240f58f1ee425bb4e7591c0eab08b7ca9416895a9033afbb2d300166b05dae0ba1ffe1926e97ad3ae05fde82f30b7f7cc14f0441c8560112732d629aa3768a9ea5c8aced2523cf0e6a2ad14b94f33fa1eb9a28c96c76d8b2b750f756811a774be0aae4a995b8cb926d407d44769aae5b84da336451b91f81f8f54a458164bae3d0d2b7eb05ffc2621344d3508b035def48933e587b13526b79b6a84e17aeaeae", 0x103a, 0x5c0b}, {&(0x7f00000013c0)="66a18ce4f65ca736e4c271e659f5ae4dd76fd9d5322ad42f37415473beaa4e90665fd891c1045d1e394da468fc767eeb2d09e034470b6e", 0x37, 0xfff}], 0x44410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000380)='./file1\x00', 0x80000, 0x94)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600aa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000200), &(0x7f00000003c0)=@md5={0x1, "fb8772c5670e72e71ac57c78e6c4420d"}, 0x11, 0x0)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

[ 2751.456254] loop3: detected capacity change from 0 to 40
[ 2751.462366] loop2: detected capacity change from 0 to 40
21:39:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 19)

21:39:18 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x288, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:39:18 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2751.487111] loop4: detected capacity change from 0 to 40
[ 2751.488217] loop5: detected capacity change from 0 to 40
[ 2751.503389] FAT-fs (loop5): bogus number of reserved sectors
[ 2751.503820] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2751.507234] loop7: detected capacity change from 0 to 40
[ 2751.638688] syz-executor.3: attempt to access beyond end of device
[ 2751.638688] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2751.639857] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2751.745985] syz-executor.4: attempt to access beyond end of device
[ 2751.745985] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2751.747224] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2751.774909] syz-executor.2: attempt to access beyond end of device
[ 2751.774909] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2751.776678] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:39:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(r0, &(0x7f0000000380)='./file2\x00', 0x200400, 0x1)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:31 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:39:31 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x300, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:39:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:39:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:31 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 20)

[ 2765.234673] loop3: detected capacity change from 0 to 40
[ 2765.247006] loop2: detected capacity change from 0 to 40
[ 2765.250898] loop4: detected capacity change from 0 to 40
[ 2765.253050] loop7: detected capacity change from 0 to 40
[ 2765.296228] loop5: detected capacity change from 0 to 40
[ 2765.298095] FAT-fs (loop5): bogus number of reserved sectors
[ 2765.298548] FAT-fs (loop5): Can't find a valid FAT filesystem
21:39:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:32 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x600, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2765.423196] syz-executor.4: attempt to access beyond end of device
[ 2765.423196] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2765.424615] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2765.493625] loop7: detected capacity change from 0 to 40
[ 2765.498135] syz-executor.3: attempt to access beyond end of device
[ 2765.498135] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2765.500279] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2765.547879] syz-executor.2: attempt to access beyond end of device
[ 2765.547879] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2765.549875] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:39:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:39:32 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:32 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x900, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:39:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 21)

21:39:32 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2765.707779] loop4: detected capacity change from 0 to 40
[ 2765.729949] loop3: detected capacity change from 0 to 40
[ 2765.777425] loop7: detected capacity change from 0 to 40
[ 2765.780871] loop2: detected capacity change from 0 to 40
[ 2765.823107] syz-executor.4: attempt to access beyond end of device
[ 2765.823107] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2765.824014] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2765.850701] FAULT_INJECTION: forcing a failure.
[ 2765.850701] name failslab, interval 1, probability 0, space 0, times 0
[ 2765.852802] CPU: 0 PID: 12758 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2765.853897] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2765.854963] Call Trace:
[ 2765.855381]  <TASK>
[ 2765.855699]  dump_stack_lvl+0x8f/0xb7
[ 2765.856237]  should_fail_ex.cold+0x5/0xa
[ 2765.856796]  should_failslab+0x9/0x20
[ 2765.857331]  __kmem_cache_alloc_node+0x5b/0x400
[ 2765.857960]  ? iter_file_splice_write+0x169/0xcb0
[ 2765.858639]  ? iter_file_splice_write+0x169/0xcb0
[ 2765.859328]  __kmalloc+0x46/0xc0
[ 2765.859810]  iter_file_splice_write+0x169/0xcb0
[ 2765.860486]  ? generic_file_splice_read+0x1bc/0x4d0
[ 2765.861192]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2765.861917]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 2765.862651]  ? selinux_file_permission+0x3e0/0x510
[ 2765.863360]  ? security_file_permission+0xb5/0xe0
[ 2765.864043]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2765.864752]  direct_splice_actor+0x113/0x180
[ 2765.865396]  splice_direct_to_actor+0x33a/0x8c0
[ 2765.866057]  ? __pfx_direct_splice_actor+0x10/0x10
[ 2765.866744]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 2765.867451]  ? security_file_permission+0xb5/0xe0
[ 2765.868143]  do_splice_direct+0x1bc/0x290
[ 2765.868730]  ? __pfx_do_splice_direct+0x10/0x10
[ 2765.869403]  ? lock_is_held_type+0xdb/0x130
[ 2765.870001]  do_sendfile+0xb1d/0x1280
[ 2765.870551]  ? __pfx_do_sendfile+0x10/0x10
[ 2765.871158]  __x64_sys_sendfile64+0x248/0x2a0
[ 2765.871793]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 2765.872489]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2765.873194]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2765.873898]  do_syscall_64+0x3f/0x90
[ 2765.874422]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2765.875115] RIP: 0033:0x7f55ec4f1b19
[ 2765.875615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2765.877949] RSP: 002b:00007f55e9a67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2765.878942] RAX: ffffffffffffffda RBX: 00007f55ec604f60 RCX: 00007f55ec4f1b19
[ 2765.879870] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2765.880791] RBP: 00007f55e9a671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2765.881748] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 2765.882682] R13: 00007ffff83f85bf R14: 00007f55e9a67300 R15: 0000000000022000
[ 2765.883650]  </TASK>
[ 2765.929694] syz-executor.3: attempt to access beyond end of device
[ 2765.929694] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2765.931734] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:39:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf00, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:39:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:39:50 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000540)=[{&(0x7f00000003c0)="04000000646f7366d8a02b00080101f40340002000f8d95de44792117f54c87f5ea3ed8101960b58f044ba2c0a1c1cee2e9c8e6c1c28f6884373e61fc725b20cedd5d3501abad41d3e63a6132834adf7942bb16943255f25fb98d305c102827e67", 0x61, 0x2}, {0x0, 0x0, 0x62e}, {&(0x7f0000000440)="7edd2ecf2b1798276148d13c0eb13b8838e61770da1b0100fdc665409220ec5ab04caac93c30b23e870d6a84da35edba7fe26546c5c3ff8af31c2af6bca66f95dca8299ecbaf2530890c96bd5c8ce4ce74503e93f9b3226259f8c3730f622cea04c99b6f44cdee1a4dcf86f9afa1b851a8a9c4b9641216d945b844c159095715a5df0fe306d1159ac438789afaa5bca446c12e8971f412d6924571482cc6b3152d0ce6f270e1aef4592eefba6167adae6b2b3b62035fa1976adf91b43e421fdc00f9b99ee0b09b9f18376ec8ff8c610f348bb9061cb28c602982a882440c6708b78fe43aca1e2614ac9d5de513c5c66ba2c53b1c495a3308d53d9e131f", 0xfd, 0xfffffffffffffff8}], 0x200411, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
process_vm_writev(0x0, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/113, 0x71}, {&(0x7f0000000640)}], 0x2, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/199, 0xc7}, {&(0x7f00000007c0)=""/176, 0xb0}, {&(0x7f0000000880)=""/228, 0xe4}, {&(0x7f0000000a80)=""/145, 0x91}], 0x4, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000380)={0x1})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:39:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 22)

21:39:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2783.509800] loop5: detected capacity change from 0 to 40
[ 2783.513132] loop7: detected capacity change from 0 to 40
[ 2783.515228] FAT-fs (loop5): bogus number of reserved sectors
[ 2783.515671] FAT-fs (loop5): Can't find a valid FAT filesystem
21:39:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2783.536589] loop2: detected capacity change from 0 to 40
[ 2783.553718] loop4: detected capacity change from 0 to 40
[ 2783.558582] loop3: detected capacity change from 0 to 40
21:39:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2783.688949] syz-executor.4: attempt to access beyond end of device
[ 2783.688949] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2783.689970] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:39:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x79ef, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:39:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2783.780778] loop7: detected capacity change from 0 to 40
[ 2783.837075] syz-executor.2: attempt to access beyond end of device
[ 2783.837075] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2783.838206] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2783.848337] loop4: detected capacity change from 0 to 40
21:39:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 23)

[ 2783.953654] syz-executor.4: attempt to access beyond end of device
[ 2783.953654] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2783.954603] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:39:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:39:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x8802, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2784.114675] loop2: detected capacity change from 0 to 40
21:39:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2784.217129] loop4: detected capacity change from 0 to 40
[ 2784.232599] loop7: detected capacity change from 0 to 40
[ 2784.510740] syz-executor.7: attempt to access beyond end of device
[ 2784.510740] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2784.512555] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2784.568690] syz-executor.4: attempt to access beyond end of device
[ 2784.568690] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2784.570790] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2784.580269] syz-executor.2: attempt to access beyond end of device
[ 2784.580269] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2784.582782] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:40:06 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xef79, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:06 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 24)

21:40:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffffff, &(0x7f00000003c0)='./file2\x00', 0x202000, 0x6b)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2800.108048] loop2: detected capacity change from 0 to 40
[ 2800.131837] loop3: detected capacity change from 0 to 40
[ 2800.144179] loop4: detected capacity change from 0 to 40
[ 2800.164552] loop7: detected capacity change from 0 to 40
[ 2800.176141] loop5: detected capacity change from 0 to 40
[ 2800.188929] FAT-fs (loop5): bogus number of reserved sectors
[ 2800.190258] FAT-fs (loop5): Can't find a valid FAT filesystem
21:40:06 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2800.506409] syz-executor.4: attempt to access beyond end of device
[ 2800.506409] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2800.508045] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:40:07 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x80000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2800.552875] syz-executor.2: attempt to access beyond end of device
[ 2800.552875] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2800.554751] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2800.575949] syz-executor.7: attempt to access beyond end of device
[ 2800.575949] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2800.577880] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:40:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:07 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:07 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf0ffff, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2800.827683] loop4: detected capacity change from 0 to 40
21:40:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 25)

[ 2800.900795] loop7: detected capacity change from 0 to 40
[ 2800.978194] loop2: detected capacity change from 0 to 40
21:40:07 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x1000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2801.083679] syz-executor.4: attempt to access beyond end of device
[ 2801.083679] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2801.085225] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:40:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:07 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:07 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900010000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a0000800000000000000000be876034b8d54c772883821e4de0e74bb3abfe5398453fafcb7fba27b84aec", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
sendfile(0xffffffffffffffff, r0, &(0x7f0000000380)=0x10001, 0x6)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

[ 2801.287790] syz-executor.7: attempt to access beyond end of device
[ 2801.287790] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2801.289781] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:40:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2801.338106] loop3: detected capacity change from 0 to 40
[ 2801.345216] syz-executor.2: attempt to access beyond end of device
[ 2801.345216] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2801.347138] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2801.361021] loop5: detected capacity change from 0 to 40
[ 2801.374063] FAT-fs (loop5): bogus number of reserved sectors
[ 2801.376636] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2801.470042] loop4: detected capacity change from 0 to 40
[ 2801.592464] syz-executor.4: attempt to access beyond end of device
[ 2801.592464] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2801.594377] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2816.002970] loop4: detected capacity change from 0 to 40
[ 2816.003909] loop7: detected capacity change from 0 to 40
[ 2816.028953] loop5: detected capacity change from 0 to 40
[ 2816.030730] loop3: detected capacity change from 0 to 40
21:40:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x43f0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x2000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 26)

21:40:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2816.042042] FAT-fs (loop5): bogus number of reserved sectors
[ 2816.042548] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2816.073233] syz-executor.4: attempt to access beyond end of device
[ 2816.073233] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2816.074167] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2816.099754] loop2: detected capacity change from 0 to 40
21:40:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x3000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2816.340830] syz-executor.7: attempt to access beyond end of device
21:40:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
move_mount(0xffffffffffffff9c, &(0x7f0000000b40)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000bc0)='./file1\x00', 0x1)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f00000003c0)='./file0\x00', 0x0, 0x8, &(0x7f00000009c0)=[{&(0x7f0000000400)="02b73289fa9c50e1533f0ad43f14b21a9c78c4a5cc5f9f3d1df7f266531042cc360dc610de1b5a130fcd1cd1076b984b3c2cfe0a48045d3b42269c09e90d326572d9d51c", 0x44, 0x6}, {&(0x7f0000000480)="7b3879965d1fe3388abd96c1e22d8ab576166eaff5c52cbef6c5bf6548755f11f24cd47f99fa5f2f1014c64b09d230a132456477c210a5c2294984e0ae2f5165b587f2bb2a7f0752945833ff40b0d893f9f6a7d3641c03bf1ab39c18de86cbbbfc177fb1baff63a1c30c3eadb7d03c61344751ad6f9a18838911ec759de3f01a6c2188c26dd8ba7f576a4adab36ed70b8a8395e1376289d3d195b22f20023b43d1b114c84f0f7223cf7cb6832d00d73692507d0855cf8fe43f37931bf842287d23e72b30898c2e4e5e4e3545fa7e1f7467cedc5299beaf0ca2d0971f190e027e36057aadab4b0fc95f0ac934e0", 0xed, 0x7}, {&(0x7f0000000580)="234a06877f08be8ce2ef76734f63a96a4e91726c7b8232ca4f4b9d56281453ea88efbe5128ad698121d56db81169f5ef81e802849aff78582ffeb18deccd2f8dbe2a2fc56b901c541e6cfbc737e1b1f9d5d47f109a569cee17b9e5ec2d89e7719f1da0fd6f3196db0c72f7855104cc71e8e01eebd01b246ab3d73faefaae01583518cfd7c732fdc8eb65b1", 0x8b, 0x5}, {&(0x7f0000000640)="0c54f1232df1ad5b0bb493c221d6d6a6feb5ab7f467cffb43cbc1a5f8b319ec00f1307842af5265920faca31e5cc9e9b879ba6519a0464154c8be190a4154d947f5a64fa5e4c66", 0x47, 0xffff}, {&(0x7f00000006c0)="f7cd6a628a70780fbc2146f08242645ca90a392dc8ccd8580bbb615814cb1f82bd0167b37467ed40d4d049747b2843a60fcb65", 0x33, 0x5d6faadf}, {&(0x7f0000000700)="6c06c4fb6618d3141d8e5672953dc76e8600b4641d884ca79f18c7d40b21acc1258faf1263b65a8b67fd1b839457657acaea283a0e70ee5896450804b04514176caea99baa0bc8b2949fa66125a620449183552bba06f3790897286e9bc0b3c136159f14b18f806ce013e831fbcf2d9b539447dfec8e7e079a1c07e390ae745d4fcf0a369d7504dc20fec1c03c857d4c55ddf9930edf7e872dd84736b3c133f04ea18029c6a49d087cf2151d114ae29fcc013d4ba7e5fe51d4a07680d2333d14b06518086c506ffc3057ffb47bfbb3212ed0b24e38b43d3ddf4f1b47a5dcd2b9a4ed2f7b9fec5de8ce149bdc6c", 0xed, 0x3}, {&(0x7f0000000800)="7e1e37a268c5766720c77dd0f8d28a4f02f9ec1dfb4b29a7bf60fb35799b5423499c5ecd923c03bd407190602c350d5734b5a766b6a197fed985cf570c35580e1c2ceb3ab7ceccdf29ace388c4d072a842ccfcd1480cb858675aaf62a8de1a251edcd517fe32f5cf757990a83350d57ed82487144e765039d890b035aa399a3a1329e7b06b91a0d4ff2a5dec", 0x8c, 0x1}, {&(0x7f00000008c0)="9d7395e43fc542a84a31cee0a48c3a641b9506ebee4923f71d69f6db69c4a5ba8bf9255e993a80331bd16c8d5044eb0e51e0bba00fcb13a318b79bd9057ea5adeab785ebc07e6e72675cbcb9092c99411d583b0b92779cd189c82c865dcd7e313df21c0c35a6300d707ab3003700cae28342ef0e660e5142beff622d4cde18229cb7b45058f7c5dcca64772def496145520244a49b9973b612687068be86d30cd6dd4f5e4aaec3b4f4bdd63f4684fd8180bec15cf856ee51eedaca37c0c29193d87a8c9e1654a4d5262ed49bd7796685207ccce4ee2313481c686dd9813ef1f0f3a654", 0xe3, 0x4}], 0x2002000, &(0x7f0000000c00)={[{@fat=@dmask={'dmask', 0x3d, 0x9}}, {@nonumtail}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@shortname_mixed}], [{@dont_appraise}, {@subj_user={'subj_user', 0x3d, '.%#-'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '%#-\xaf-'}}, {@smackfshat={'smackfshat', 0x3d, 'trusted.overlay.redirect\x00'}}]})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2816.340830] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2816.344186] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2816.392972] loop4: detected capacity change from 0 to 40
[ 2816.442596] syz-executor.2: attempt to access beyond end of device
[ 2816.442596] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2816.443677] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:40:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 27)

21:40:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2816.564361] syz-executor.4: attempt to access beyond end of device
[ 2816.564361] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2816.565207] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:40:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x4000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2816.671620] loop7: detected capacity change from 0 to 40
[ 2816.710863] loop2: detected capacity change from 0 to 40
[ 2816.875114] loop4: detected capacity change from 0 to 40
21:40:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x6000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2816.989743] syz-executor.7: attempt to access beyond end of device
[ 2816.989743] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2816.990870] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:40:23 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2817.122985] syz-executor.4: attempt to access beyond end of device
[ 2817.122985] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2817.124041] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2817.143107] loop7: detected capacity change from 0 to 40
[ 2817.192051] loop5: detected capacity change from 0 to 40
[ 2817.193798] loop3: detected capacity change from 0 to 40
21:40:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x9000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2817.234967] FAT-fs (loop5): bogus number of reserved sectors
[ 2817.235789] FAT-fs (loop5): Can't find a valid FAT filesystem
21:40:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf000000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2817.323035] syz-executor.2: attempt to access beyond end of device
[ 2817.323035] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2817.325213] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2817.500877] loop4: detected capacity change from 0 to 40
[ 2817.501879] syz-executor.7: attempt to access beyond end of device
[ 2817.501879] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2817.501933] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:40:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 28)

21:40:39 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:39 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x154f79ef, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:39 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
ioctl$CDROMRESUME(r0, 0x5302)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:40:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:39 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:39 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:39 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2832.761568] loop7: detected capacity change from 0 to 40
[ 2832.778641] loop3: detected capacity change from 0 to 40
[ 2832.782469] loop5: detected capacity change from 0 to 40
[ 2832.789723] FAT-fs (loop5): bogus number of reserved sectors
[ 2832.790135] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2832.798021] loop2: detected capacity change from 0 to 40
[ 2832.804246] loop4: detected capacity change from 0 to 40
21:40:39 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x80ffffff, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:39 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2833.019495] loop7: detected capacity change from 0 to 40
[ 2833.089921] syz-executor.2: attempt to access beyond end of device
[ 2833.089921] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2833.092178] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:40:39 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x88020000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2833.161109] syz-executor.4: attempt to access beyond end of device
[ 2833.161109] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2833.162704] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:40:39 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 29)

[ 2833.268137] loop2: detected capacity change from 0 to 40
[ 2833.285071] loop7: detected capacity change from 0 to 40
21:40:39 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:40 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x9effffff, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2833.443370] loop4: detected capacity change from 0 to 40
21:40:40 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:40 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xef790000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2833.602819] loop7: detected capacity change from 0 to 40
[ 2833.604560] syz-executor.2: attempt to access beyond end of device
[ 2833.604560] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2833.605645] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:40:40 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xef794f15, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2833.788134] syz-executor.4: attempt to access beyond end of device
[ 2833.788134] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2833.789257] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:40:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:57 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 30)

21:40:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x111442, 0x2)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xe1, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000180))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0, 0xb}, 0x402b4, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000003c0), 0x2e, 0x20000)
fcntl$setpipe(r4, 0x407, 0x4)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:57 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xf0ffffff, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2850.648255] loop5: detected capacity change from 0 to 40
21:40:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2850.669677] FAT-fs (loop5): bogus number of reserved sectors
[ 2850.670583] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2850.700710] loop2: detected capacity change from 0 to 40
[ 2850.706198] loop3: detected capacity change from 0 to 40
[ 2850.716213] loop7: detected capacity change from 0 to 40
[ 2850.727875] loop4: detected capacity change from 0 to 40
21:40:57 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xfcffffff, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:40:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:40:57 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x2100)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2850.959729] syz-executor.4: attempt to access beyond end of device
[ 2850.959729] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
21:40:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2850.961537] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2851.048815] loop3: detected capacity change from 0 to 40
21:40:57 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xfffff000, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2851.132113] loop7: detected capacity change from 0 to 40
21:40:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:40:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2851.278809] syz-executor.2: attempt to access beyond end of device
[ 2851.278809] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2851.280758] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2851.299146] loop4: detected capacity change from 0 to 40
21:40:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2851.374125] loop3: detected capacity change from 0 to 40
21:40:58 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xffffff7f, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2851.443812] syz-executor.4: attempt to access beyond end of device
[ 2851.443812] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2851.445793] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2851.590688] loop7: detected capacity change from 0 to 40
21:41:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 31)

21:41:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:13 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x73100)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7d59, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000005c0)=ANY=[@ANYBLOB="01000000010000001800000075b8fed0e5d8f059d759bf42ee21fcd189be0c8684ceb935bb923dc44dfaccc5c58af692e2161898548099333949ce8f0c06edb5a6e078dbbb9129dd0a94d2416e8f8065ea3bacf5bf", @ANYRES32=r0, @ANYBLOB="e400f808000000002f2f66696c4b310029a9ec598b231dfafd0421866b978eda5fa23f73bd7a6f9a73ec33431681ba74aeba7ed0cc89a8dc67c6f474ef62c981324b359add421c9999c5d5828945f6930ab6137663907652d24aa77b42bb1bf0ff0be73c66b7c6bb4c74927a8ff834ad16bf4ac7b9b4508ef91b7e70c5249d1b313ee7ea65c257c1fd4ada049125e8ee043e65b13948f81f33fd2ebf2e8b1bb528718e439a2a49dac2422132deb1fd052e4d47b1a97e2a2bf3f58438da435fc46bdf1f7ac7e3e468aeec07febb2a814c3e1daa3bc3e3a1250dbb16fc4101128a91699e1f06d8480474f78728afeee2419ce8b114ba318e64896a60c70b5e5a1b16fe48d9cad9d337bc431b78b963f22be74a82eb642321e1f224caf6ba50154e0882500990c25eda1bc24cd97107"])

21:41:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:41:13 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xffffff80, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:41:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2867.173480] loop3: detected capacity change from 0 to 40
[ 2867.188376] loop7: detected capacity change from 0 to 40
[ 2867.206913] loop2: detected capacity change from 0 to 40
[ 2867.214158] loop4: detected capacity change from 0 to 40
21:41:13 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xffffff9e, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2867.224881] loop5: detected capacity change from 0 to 40
[ 2867.229361] FAT-fs (loop5): invalid media value (0x00)
[ 2867.230074] FAT-fs (loop5): Can't find a valid FAT filesystem
21:41:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:41:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2867.372612] loop3: detected capacity change from 0 to 40
[ 2867.383624] loop7: detected capacity change from 0 to 40
[ 2867.543731] syz-executor.2: attempt to access beyond end of device
[ 2867.543731] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2867.545120] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:41:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
perf_event_open(&(0x7f00000003c0)={0x3, 0x80, 0x6d, 0x3, 0x38, 0x7, 0x0, 0x10000, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_bp={&(0x7f0000000380), 0x2}, 0x40, 0x4, 0x1, 0x5, 0xd75, 0x40, 0x0, 0x0, 0x7af79496, 0x0, 0x1}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000440)={0x0, 0x0, 0x4000000000000a6, 0x0, '\x00', [{0x58, 0x82, 0x104000000, 0x2, 0xff, 0x1f}, {0x9, 0xff, 0x4, 0x6, 0x80000003, 0x3}]})
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:41:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:41:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:41:28 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xfffffff0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:41:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 32)

[ 2882.366410] loop4: detected capacity change from 0 to 40
[ 2882.401861] loop2: detected capacity change from 0 to 40
[ 2882.427146] loop5: detected capacity change from 0 to 40
[ 2882.433809] loop3: detected capacity change from 0 to 40
[ 2882.444383] FAT-fs (loop5): invalid media value (0x00)
[ 2882.444907] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2882.466458] loop7: detected capacity change from 0 to 40
21:41:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:29 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xfffffffc, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2882.603258] loop4: detected capacity change from 0 to 40
[ 2882.729109] syz-executor.2: attempt to access beyond end of device
[ 2882.729109] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2882.730663] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:41:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:43 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
sendmsg$AUDIT_MAKE_EQUIV(r5, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x3f7, 0x4, 0x70bd26, 0x25dfdbff, {0xd, 0x7, './file1/file0', './file0'}, ["", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000480)={0x7, 0x100080, 0x80000, {r1}}, 0x20)

21:41:43 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0xffffffff, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:41:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 33)

21:41:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:43 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:41:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2897.097152] loop3: detected capacity change from 0 to 40
[ 2897.099191] loop7: detected capacity change from 0 to 40
[ 2897.129704] loop2: detected capacity change from 0 to 40
[ 2897.135069] loop4: detected capacity change from 0 to 40
[ 2897.144991] loop5: detected capacity change from 0 to 40
[ 2897.167106] FAT-fs (loop5): invalid media value (0x00)
[ 2897.168054] FAT-fs (loop5): Can't find a valid FAT filesystem
21:41:43 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="0f000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:41:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2897.265136] loop7: detected capacity change from 0 to 40
21:41:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:41:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2897.417616] syz-executor.2: attempt to access beyond end of device
[ 2897.417616] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2897.418761] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:41:44 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="c0000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2897.445802] loop7: detected capacity change from 0 to 40
21:41:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 34)

[ 2897.523891] syz-executor.3: attempt to access beyond end of device
[ 2897.523891] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2897.525894] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2897.578069] loop2: detected capacity change from 0 to 40
[ 2897.599706] loop4: detected capacity change from 0 to 40
[ 2897.864844] syz-executor.7: attempt to access beyond end of device
[ 2897.864844] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2897.866886] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2897.930811] syz-executor.2: attempt to access beyond end of device
[ 2897.930811] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2897.932958] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:42:02 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="c0020000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:02 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 35)

21:42:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:02 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000014c0), 0x410, &(0x7f0000000380)=ANY=[@ANYRES16])
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
fspick(0xffffffffffffffff, &(0x7f0000000200)='./file2\x00', 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000640)='./file1\x00', 0x101042, 0x108)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f00000003c0)={0xf86d, 0x200, 0x4, 0x4, 0xa, [{0x6, 0x80, 0xffff, '\x00', 0x401}, {0x2a6, 0x3, 0x6, '\x00', 0x2081}, {0x3ff, 0x10000, 0x401, '\x00', 0x8}, {0x800, 0xea, 0x3f, '\x00', 0x1005}, {0x3, 0x1, 0x5, '\x00', 0x2000}, {0x0, 0x8, 0x9, '\x00', 0x200}, {0x5, 0x8000, 0x5, '\x00', 0x10a}, {0x8, 0x100000000, 0x2, '\x00', 0x100b}, {0x4, 0x6, 0x4, '\x00', 0x100}, {0xd26, 0xff, 0x1f, '\x00', 0x200}]})
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x9d2}, 0x40812, 0x7, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2915.856148] loop5: detected capacity change from 0 to 40
[ 2915.867632] FAT-fs (loop5): invalid media value (0x00)
[ 2915.868237] FAT-fs (loop5): Can't find a valid FAT filesystem
21:42:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2915.940241] loop2: detected capacity change from 0 to 40
[ 2915.942049] loop7: detected capacity change from 0 to 40
[ 2915.956693] loop4: detected capacity change from 0 to 40
[ 2915.957803] loop3: detected capacity change from 0 to 40
21:42:02 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="c00e0000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0x0)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2916.257180] syz-executor.3: attempt to access beyond end of device
[ 2916.257180] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2916.259211] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:42:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2916.396751] syz-executor.7: attempt to access beyond end of device
[ 2916.396751] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2916.398889] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:42:03 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="e03f0300190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2916.450496] loop4: detected capacity change from 0 to 40
[ 2916.486184] syz-executor.2: attempt to access beyond end of device
[ 2916.486184] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2916.488620] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2916.495974] loop3: detected capacity change from 0 to 40
21:42:03 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 36)

21:42:03 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0x0)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:03 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="00f0ff7f190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2916.852493] loop7: detected capacity change from 0 to 40
[ 2916.871007] loop2: detected capacity change from 0 to 40
[ 2916.896898] syz-executor.6 (13128) used greatest stack depth: 22360 bytes left
21:42:03 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2916.959034] loop4: detected capacity change from 0 to 40
21:42:03 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="effdffff190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2917.004992] syz-executor.3: attempt to access beyond end of device
[ 2917.004992] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2917.006939] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:42:03 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
process_vm_writev(0x0, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/113, 0x71}, {&(0x7f0000000640)}], 0x2, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/199, 0xc7}, {&(0x7f00000007c0)=""/176, 0xb0}, {&(0x7f0000000880)=""/228, 0xe4}, {&(0x7f0000000a80)=""/145, 0x91}], 0x4, 0x0)
perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0x0, 0x3, 0x80, 0x3, 0x0, 0xfffffffffffffff7, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffff8, 0x4, @perf_bp={&(0x7f0000000380), 0x7}, 0x40060, 0x0, 0x1000, 0x2, 0x200, 0x8, 0x1, 0x0, 0x2, 0x0, 0x1}, 0x0, 0xa, r1, 0xa)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2917.133681] loop5: detected capacity change from 0 to 40
[ 2917.164202] FAT-fs (loop5): invalid media value (0x00)
[ 2917.164957] FAT-fs (loop5): Can't find a valid FAT filesystem
21:42:03 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0x0)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:03 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000000f0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:03 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:03 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2917.311732] syz-executor.2: attempt to access beyond end of device
[ 2917.311732] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2917.313608] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2917.371696] loop4: detected capacity change from 0 to 40
[ 2917.383454] loop3: detected capacity change from 0 to 40
[ 2917.385144] syz-executor.7: attempt to access beyond end of device
[ 2917.385144] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2917.386994] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2917.422637] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=15 sclass=netlink_xfrm_socket pid=13178 comm=syz-executor.1
[ 2917.731069] syz-executor.3: attempt to access beyond end of device
[ 2917.731069] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2917.732628] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:42:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 37)

21:42:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000100001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, 0x0, 0x0)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2935.074655] loop3: detected capacity change from 0 to 40
21:42:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:21 executing program 6:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000380)={0x0, 0x5, 0x8})
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000001, 0x30, 0xffffffffffffffff, 0x93897000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0xffffffffffffffb5)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000110001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2935.118069] loop5: detected capacity change from 0 to 40
[ 2935.122377] FAT-fs (loop5): invalid media value (0x00)
[ 2935.122731] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2935.124414] loop4: detected capacity change from 0 to 40
[ 2935.147656] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2935.163083] loop7: detected capacity change from 0 to 40
[ 2935.164611] loop2: detected capacity change from 0 to 40
21:42:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000120001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2935.255553] syz-executor.3: attempt to access beyond end of device
[ 2935.255553] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2935.256752] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2935.333070] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2935.422680] syz-executor.4: attempt to access beyond end of device
[ 2935.422680] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2935.423888] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2935.458161] syz-executor.7: attempt to access beyond end of device
[ 2935.458161] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2935.459564] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2935.476142] syz-executor.2: attempt to access beyond end of device
[ 2935.476142] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2935.477537] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:42:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2949.468919] loop3: detected capacity change from 0 to 40
21:42:36 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:36 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:36 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, 0x0, 0x0)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:36 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f00000001c0)={[0x80]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, &(0x7f0000000380))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x100, &(0x7f00000003c0)={0x7, 0x8, 0x0, {r0}}, 0x20)

21:42:36 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000130001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:36 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 38)

[ 2949.489761] loop5: detected capacity change from 0 to 40
[ 2949.497099] loop4: detected capacity change from 0 to 40
[ 2949.505606] FAT-fs (loop5): bogus number of FAT sectors
[ 2949.505980] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2949.508771] loop7: detected capacity change from 0 to 40
[ 2949.520777] loop2: detected capacity change from 0 to 40
21:42:36 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000140001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2949.771274] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2949.788115] syz-executor.3: attempt to access beyond end of device
[ 2949.788115] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2949.789188] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 2949.815082] syz-executor.4: attempt to access beyond end of device
[ 2949.815082] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2949.816234] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2949.830146] syz-executor.7: attempt to access beyond end of device
[ 2949.830146] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2949.831613] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2949.853730] syz-executor.2: attempt to access beyond end of device
[ 2949.853730] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2949.855978] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:42:36 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000150001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:36 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, 0x0, 0x0)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 39)

21:42:36 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2950.008394] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2950.018584] loop2: detected capacity change from 0 to 40
[ 2950.073822] loop7: detected capacity change from 0 to 40
[ 2950.078764] loop3: detected capacity change from 0 to 40
[ 2950.090057] loop4: detected capacity change from 0 to 40
[ 2950.103530] FAULT_INJECTION: forcing a failure.
[ 2950.103530] name failslab, interval 1, probability 0, space 0, times 0
[ 2950.104888] CPU: 1 PID: 13242 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221124 #1
[ 2950.105449] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2950.106001] Call Trace:
[ 2950.106180]  <TASK>
[ 2950.106344]  dump_stack_lvl+0x8f/0xb7
[ 2950.106631]  should_fail_ex.cold+0x5/0xa
[ 2950.106914]  ? fat_cache_add.part.0+0x5b4/0xb50
[ 2950.107251]  should_failslab+0x9/0x20
[ 2950.107526]  kmem_cache_alloc+0x5a/0x410
[ 2950.107830]  fat_cache_add.part.0+0x5b4/0xb50
[ 2950.108148]  fat_get_cluster+0x922/0xd40
[ 2950.108440]  ? __pfx_fat_get_cluster+0x10/0x10
[ 2950.108787]  fat_get_mapped_cluster+0x216/0x450
[ 2950.109118]  ? __pfx_fat_get_mapped_cluster+0x10/0x10
[ 2950.109487]  fat_bmap+0x1fc/0x460
[ 2950.109740]  fat_get_block+0x33e/0x930
[ 2950.110029]  ? __pfx_fat_get_block+0x10/0x10
[ 2950.110349]  ? lock_is_held_type+0xdb/0x130
[ 2950.110666]  __block_write_begin_int+0x380/0x13d0
[ 2950.111008]  ? __pfx_fat_get_block+0x10/0x10
[ 2950.111353]  ? __pfx___block_write_begin_int+0x10/0x10
[ 2950.111721]  ? PageHeadHuge+0x169/0x1b0
[ 2950.112011]  ? __pfx_fat_get_block+0x10/0x10
[ 2950.112332]  block_write_begin+0xb9/0x450
[ 2950.112628]  cont_write_begin+0x4fe/0x700
[ 2950.112932]  ? lock_is_held_type+0xdb/0x130
[ 2950.113235]  ? __pfx_fat_get_block+0x10/0x10
[ 2950.113556]  ? __pfx_cont_write_begin+0x10/0x10
[ 2950.113882]  ? lock_release+0x3b6/0x750
[ 2950.114170]  ? __mark_inode_dirty+0x5a6/0xe70
[ 2950.114495]  ? mark_held_locks+0x9e/0xe0
[ 2950.114791]  fat_write_begin+0x89/0x180
[ 2950.115073]  ? __pfx_fat_get_block+0x10/0x10
[ 2950.115399]  generic_perform_write+0x25a/0x580
[ 2950.115726]  ? __pfx_generic_perform_write+0x10/0x10
[ 2950.116106]  ? __pfx_fat_update_time+0x10/0x10
[ 2950.116432]  ? __pfx_file_update_time+0x10/0x10
[ 2950.116790]  ? generic_write_checks+0x2c0/0x400
[ 2950.117129]  __generic_file_write_iter+0x2de/0x480
[ 2950.117496]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 2950.117833]  generic_file_write_iter+0xe7/0x350
[ 2950.118190]  do_iter_readv_writev+0x211/0x3c0
[ 2950.118509]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 2950.118879]  ? avc_policy_seqno+0xd/0x70
[ 2950.119169]  ? security_file_permission+0xb5/0xe0
[ 2950.119554]  do_iter_write+0x18b/0x700
[ 2950.119855]  ? lock_is_held_type+0xdb/0x130
[ 2950.120169]  vfs_iter_write+0x74/0xb0
[ 2950.120471]  iter_file_splice_write+0x73e/0xcb0
[ 2950.120818]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2950.121217]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 2950.121595]  ? inode_security+0x105/0x140
[ 2950.121922]  ? security_file_permission+0xb5/0xe0
[ 2950.122267]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2950.122665]  direct_splice_actor+0x113/0x180
[ 2950.122995]  splice_direct_to_actor+0x33a/0x8c0
[ 2950.123358]  ? __pfx_direct_splice_actor+0x10/0x10
[ 2950.123712]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 2950.124118]  ? security_file_permission+0xb5/0xe0
[ 2950.124469]  do_splice_direct+0x1bc/0x290
[ 2950.124802]  ? __pfx_do_splice_direct+0x10/0x10
[ 2950.125173]  ? lock_is_held_type+0xdb/0x130
[ 2950.125482]  do_sendfile+0xb1d/0x1280
[ 2950.125795]  ? __pfx_do_sendfile+0x10/0x10
[ 2950.126143]  __x64_sys_sendfile64+0x248/0x2a0
[ 2950.126496]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 2950.126855]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2950.127252]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2950.127610]  do_syscall_64+0x3f/0x90
[ 2950.127901]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2950.128295] RIP: 0033:0x7f55ec4f1b19
[ 2950.128576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2950.129871] RSP: 002b:00007f55e9a67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2950.130425] RAX: ffffffffffffffda RBX: 00007f55ec604f60 RCX: 00007f55ec4f1b19
[ 2950.130926] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2950.131454] RBP: 00007f55e9a671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2950.131963] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 2950.132479] R13: 00007ffff83f85bf R14: 00007f55e9a67300 R15: 0000000000022000
[ 2950.133013]  </TASK>
21:42:36 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000160001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:36 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000170001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2950.385010] loop3: detected capacity change from 0 to 40
[ 2950.403974] syz-executor.7: attempt to access beyond end of device
[ 2950.403974] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2950.405163] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2950.412056] syz-executor.4: attempt to access beyond end of device
[ 2950.412056] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2950.413258] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2950.627023] syz-executor.2: attempt to access beyond end of device
[ 2950.627023] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2950.629018] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:42:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 40)

21:42:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, 0x0, 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000240), 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380), 0xf}, 0x0, 0x2, 0x0, 0xd361978160bfe351}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2964.330921] loop7: detected capacity change from 0 to 40
21:42:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240), 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000180001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2964.341916] loop2: detected capacity change from 0 to 40
[ 2964.346354] loop5: detected capacity change from 0 to 40
[ 2964.350635] FAT-fs (loop5): bogus number of FAT sectors
[ 2964.351029] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2964.364708] loop3: detected capacity change from 0 to 40
[ 2964.407417] loop4: detected capacity change from 0 to 40
21:42:51 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8020000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:51 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8030000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2964.626052] syz-executor.2: attempt to access beyond end of device
[ 2964.626052] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2964.627625] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2964.637635] syz-executor.7: attempt to access beyond end of device
[ 2964.637635] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2964.638784] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2964.646818] loop3: detected capacity change from 0 to 40
[ 2964.717960] syz-executor.4: attempt to access beyond end of device
[ 2964.717960] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2964.719253] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:42:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 41)

21:42:51 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240), 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:42:51 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8040000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:42:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, 0x0, 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2964.868484] loop2: detected capacity change from 0 to 40
[ 2964.904889] loop7: detected capacity change from 0 to 40
[ 2964.920011] loop3: detected capacity change from 0 to 40
[ 2964.963812] loop4: detected capacity change from 0 to 40
21:42:51 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8060000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:42:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2965.195008] syz-executor.2: attempt to access beyond end of device
[ 2965.195008] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2965.196232] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2965.207882] loop3: detected capacity change from 0 to 40
[ 2965.228767] syz-executor.7: attempt to access beyond end of device
[ 2965.228767] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2965.230104] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2965.273889] syz-executor.4: attempt to access beyond end of device
[ 2965.273889] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2965.275903] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2978.460413] loop7: detected capacity change from 0 to 40
21:43:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 42)

21:43:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:05 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
sendfile(r0, r0, &(0x7f00000003c0)=0x6e47, 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
sendfile(0xffffffffffffffff, r1, &(0x7f0000000380)=0x1, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:43:05 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8080000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:43:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240), 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:05 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, 0x0, 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2978.517389] loop4: detected capacity change from 0 to 40
[ 2978.517570] loop5: detected capacity change from 0 to 40
[ 2978.543262] loop2: detected capacity change from 0 to 40
[ 2978.554472] FAT-fs (loop5): bogus number of FAT sectors
[ 2978.555217] FAT-fs (loop5): Can't find a valid FAT filesystem
21:43:05 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8090000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2978.565588] loop3: detected capacity change from 0 to 40
[ 2978.622698] syz-executor.7: attempt to access beyond end of device
[ 2978.622698] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2978.623935] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:43:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:05 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80f0000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:43:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2978.836888] syz-executor.4: attempt to access beyond end of device
[ 2978.836888] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2978.838106] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2978.855660] loop3: detected capacity change from 0 to 40
[ 2978.860966] syz-executor.2: attempt to access beyond end of device
[ 2978.860966] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2978.862160] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2978.901134] loop7: detected capacity change from 0 to 40
21:43:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 43)

21:43:05 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)

[ 2979.064108] loop4: detected capacity change from 0 to 40
[ 2979.076080] loop2: detected capacity change from 0 to 40
[ 2979.191179] syz-executor.7: attempt to access beyond end of device
[ 2979.191179] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2979.192404] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2979.328765] syz-executor.4: attempt to access beyond end of device
[ 2979.328765] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2979.330016] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 2979.334947] syz-executor.2: attempt to access beyond end of device
[ 2979.334947] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2979.337537] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:43:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2994.562835] loop2: detected capacity change from 0 to 40
[ 2994.564338] loop5: detected capacity change from 0 to 40
21:43:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, &(0x7f0000001380)=0x7f, &(0x7f00000013c0)=0x2)
ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000380)=""/4096)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 44)

21:43:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)

21:43:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8f00000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2994.586125] loop7: detected capacity change from 0 to 40
[ 2994.592400] loop3: detected capacity change from 0 to 40
[ 2994.608748] loop4: detected capacity change from 0 to 40
21:43:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8880200190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:43:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2994.781613] syz-executor.5: attempt to access beyond end of device
[ 2994.781613] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2994.782715] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 2994.785550] syz-executor.7: attempt to access beyond end of device
[ 2994.785550] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2994.786602] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:43:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000300190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 2994.822906] loop3: detected capacity change from 0 to 40
21:43:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2994.889921] syz-executor.4: attempt to access beyond end of device
[ 2994.889921] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2994.891239] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:43:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 2994.928865] syz-executor.2: attempt to access beyond end of device
[ 2994.928865] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2994.930799] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:43:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000600190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:43:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 45)

[ 2995.033803] loop5: detected capacity change from 0 to 40
[ 2995.052456] loop7: detected capacity change from 0 to 40
21:43:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)

21:43:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2995.170160] loop4: detected capacity change from 0 to 40
[ 2995.173156] loop2: detected capacity change from 0 to 40
[ 2995.281116] syz-executor.5: attempt to access beyond end of device
[ 2995.281116] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2995.282568] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 2995.291809] loop3: detected capacity change from 0 to 40
[ 2995.360072] syz-executor.7: attempt to access beyond end of device
[ 2995.360072] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2995.361234] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 2995.407134] syz-executor.2: attempt to access beyond end of device
[ 2995.407134] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2995.408260] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 2995.414892] syz-executor.4: attempt to access beyond end of device
[ 2995.414892] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2995.416905] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:43:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:37 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:37 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000900190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:43:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, 0x0, &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3010.910836] loop4: detected capacity change from 0 to 40
[ 3010.914167] loop3: detected capacity change from 0 to 40
21:43:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 46)

21:43:37 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x0, 0x100080, 0x100000, {r0}}, 0x20)

21:43:37 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
[ 3010.914337] loop5: detected capacity change from 0 to 40
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3010.931226] loop7: detected capacity change from 0 to 40
[ 3010.943786] loop2: detected capacity change from 0 to 40
[ 3011.051748] syz-executor.5: attempt to access beyond end of device
[ 3011.051748] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.053040] Buffer I/O error on dev loop5, logical block 10, lost async page write
21:43:37 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000f00190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3011.140462] syz-executor.7: attempt to access beyond end of device
[ 3011.140462] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.141777] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3011.153201] syz-executor.2: attempt to access beyond end of device
[ 3011.153201] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.154632] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:43:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 47)

21:43:37 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3011.285942] syz-executor.4: attempt to access beyond end of device
[ 3011.285942] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.288707] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:43:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, 0x0, &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:38 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8ef7900190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3011.443812] loop2: detected capacity change from 0 to 40
[ 3011.457894] loop7: detected capacity change from 0 to 40
[ 3011.468762] loop5: detected capacity change from 0 to 40
[ 3011.475088] syz-executor.3: attempt to access beyond end of device
[ 3011.475088] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.476261] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:43:38 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x0, 0x100080, 0x100000, {r0}}, 0x20)

21:43:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3011.609423] loop4: detected capacity change from 0 to 40
[ 3011.666664] loop3: detected capacity change from 0 to 40
[ 3011.682117] syz-executor.2: attempt to access beyond end of device
[ 3011.682117] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.683554] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:43:38 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8028800190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3011.755064] syz-executor.4: attempt to access beyond end of device
[ 3011.755064] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.756213] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3011.839935] syz-executor.7: attempt to access beyond end of device
[ 3011.839935] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3011.841183] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3012.104075] syz-executor.3: attempt to access beyond end of device
[ 3012.104075] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3012.106257] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3027.474768] loop7: detected capacity change from 0 to 40
[ 3027.477407] loop5: detected capacity change from 0 to 40
21:43:54 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 48)

21:43:54 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:54 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:54 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:54 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x0, 0x100080, 0x100000, {r0}}, 0x20)

21:43:54 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, 0x0, &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:43:54 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000400)={0xd7, 0x10, '\x00', 0x0, &(0x7f00000003c0)=[0x0, 0x0]})
ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
mount_setattr(r0, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000}, 0x20)

21:43:54 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b879ef00190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3027.488239] loop3: detected capacity change from 0 to 40
[ 3027.492599] loop4: detected capacity change from 0 to 40
[ 3027.588221] loop2: detected capacity change from 0 to 40
21:43:54 executing program 6:
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file2\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000440)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, 0x0, 0x600, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x15bf}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x7fffffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x200000d1}, 0x4000004)
sendfile(r1, r0, 0x0, 0xfffffdef)
dup2(0xffffffffffffffff, r2)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3027.806182] syz-executor.4: attempt to access beyond end of device
[ 3027.806182] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3027.808911] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3027.819098] syz-executor.3: attempt to access beyond end of device
[ 3027.819098] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3027.821763] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:43:54 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b800f000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3027.892873] syz-executor.7: attempt to access beyond end of device
[ 3027.892873] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3027.895062] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:43:54 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = accept4$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000003c0)=0x14, 0x80000)
write$binfmt_aout(r3, &(0x7f0000000400)={{0x1c7, 0xdc, 0x9, 0x23b, 0x188, 0x3, 0x81, 0x1}, "4ea25565c050475847aa603bff7b190a0a53715b4d2226e21ef29e78dd4b469a0b4750774fe8304ebbd9e64f0812ac4633cc5a9ef87bc1dd5afed8439dedefe261168d2ea46d1cee983dc8dbb20e7aeb2517571ebeae31331da74b6d127d62df8b903458291b3b84be34ea17d12ebfd5fb2b571b64eaf8b103f7d14ce67381bfeaaf5011ff387562ada37eeaf7566719ee13f90434e64d43929031da1f846b965d5ed37ec21391b7a474a613589d6058d8b4def6f46d557eb4fc2339fd17bbf37ee53fb6e0d9745cc2c398c817232558c4b84418b36df88502c928de4ce6a786a7cbd7951185a5e1e85fac132095f62ebd01c1aaa8", ['\x00', '\x00', '\x00', '\x00']}, 0x515)
r4 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r5 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7, 0x3}, 0x0, 0xffffffffffffffff, r0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:43:54 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x0, 0x100000, {r0}}, 0x20)

21:43:54 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:43:54 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), 0x0, 0x0, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3028.332036] loop4: detected capacity change from 0 to 40
[ 3028.385554] loop3: detected capacity change from 0 to 40
[ 3028.503236] loop7: detected capacity change from 0 to 40
[ 3028.597052] syz-executor.4: attempt to access beyond end of device
[ 3028.597052] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3028.598150] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3028.753899] syz-executor.3: attempt to access beyond end of device
[ 3028.753899] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3028.756043] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3028.779025] syz-executor.7: attempt to access beyond end of device
[ 3028.779025] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3028.781204] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:44:10 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x8000, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:44:10 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), 0x0, 0x0, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:44:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:10 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:10 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x0, 0x100000, {r0}}, 0x20)

21:44:10 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3043.461461] loop3: detected capacity change from 0 to 40
21:44:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000001b0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3043.496755] loop5: detected capacity change from 0 to 40
[ 3043.510061] loop4: detected capacity change from 0 to 40
[ 3043.532152] loop2: detected capacity change from 0 to 40
[ 3043.537339] loop7: detected capacity change from 0 to 40
21:44:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000001d0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3043.711612] syz-executor.3: attempt to access beyond end of device
[ 3043.711612] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3043.712725] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3043.741999] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3043.829036] syz-executor.7: attempt to access beyond end of device
[ 3043.829036] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3043.829604] syz-executor.4: attempt to access beyond end of device
[ 3043.829604] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3043.831091] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3043.831695] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:44:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000280001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:10 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:10 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), 0x0, 0x0, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3043.911881] syz-executor.2: attempt to access beyond end of device
[ 3043.911881] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3043.914148] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3043.948326] netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'.
21:44:10 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x0, 0x100000, {r0}}, 0x20)

[ 3043.981060] loop3: detected capacity change from 0 to 40
[ 3044.023734] loop7: detected capacity change from 0 to 40
21:44:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000200190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3044.082824] loop4: detected capacity change from 0 to 40
[ 3044.163632] syz-executor.3: attempt to access beyond end of device
[ 3044.163632] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3044.165861] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:44:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pread64(r2, &(0x7f0000000300)=""/229, 0xe5, 0x73)
sendfile(r1, r0, 0x0, 0xfffffdef)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x498, 0x2c800)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)={<r4=>0x0, ""/256, <r5=>0x0, <r6=>0x0})
r7 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000070280)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}], 0x5, "af2f1a9317bc6f"})
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000440)={0x0, 0x10001})
dup(r3)

[ 3044.211038] syz-executor.4: attempt to access beyond end of device
[ 3044.211038] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3044.212123] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:44:10 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3044.246747] loop2: detected capacity change from 0 to 40
[ 3044.359905] loop3: detected capacity change from 0 to 40
[ 3044.479103] syz-executor.7: attempt to access beyond end of device
[ 3044.479103] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3044.481411] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3044.502082] syz-executor.2: attempt to access beyond end of device
[ 3044.502082] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3044.504944] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3044.715730] syz-executor.3: attempt to access beyond end of device
[ 3044.715730] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3044.717697] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:44:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:44:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x0, {r0}}, 0x20)

[ 3062.134026] loop3: detected capacity change from 0 to 40
[ 3062.141422] loop7: detected capacity change from 0 to 40
[ 3062.145539] loop5: detected capacity change from 0 to 40
[ 3062.168042] loop2: detected capacity change from 0 to 40
[ 3062.198164] loop4: detected capacity change from 0 to 40
21:44:28 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000300190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pread64(r2, &(0x7f0000000300)=""/229, 0xe5, 0x73)
sendfile(r1, r0, 0x0, 0xfffffdef)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x498, 0x2c800)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)={<r4=>0x0, ""/256, <r5=>0x0, <r6=>0x0})
r7 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000070280)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}], 0x5, "af2f1a9317bc6f"})
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000440)={0x0, 0x10001})
dup(r3)

21:44:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000380)='./file2/file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x430, &(0x7f00000003c0)=ANY=[@ANYRES16=0x0, @ANYRESHEX=0x0])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:44:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1442, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000300))
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x8000, 0x2)

21:44:28 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000400190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
write(r0, &(0x7f0000000000)="b7adeb07b70d73c73622bed3bb8d86defe8500c06b266b63e5f9c8e4a9e496842af5b00e5c91814d2c72497c448966649bef2e6bcdb5d846148405fba96bddefe05316", 0x43)

21:44:29 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000600190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3062.450320] syz-executor.3: attempt to access beyond end of device
[ 3062.450320] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3062.452114] loop2: detected capacity change from 0 to 40
[ 3062.453736] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3062.480840] syz-executor.7: attempt to access beyond end of device
[ 3062.480840] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3062.482607] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3062.488601] syz-executor.5: attempt to access beyond end of device
[ 3062.488601] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3062.489830] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 3062.518188] syz-executor.4: attempt to access beyond end of device
[ 3062.518188] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3062.520680] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:44:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:29 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:29 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:44:29 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000800190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3062.659555] loop3: detected capacity change from 0 to 40
21:44:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x0, {r0}}, 0x20)

[ 3062.724779] loop4: detected capacity change from 0 to 40
[ 3062.725331] loop5: detected capacity change from 0 to 40
[ 3062.730422] loop7: detected capacity change from 0 to 40
[ 3062.759177] syz-executor.2: attempt to access beyond end of device
[ 3062.759177] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3062.761123] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:44:29 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000900190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:29 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000f00190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3062.943212] syz-executor.4: attempt to access beyond end of device
[ 3062.943212] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3062.944620] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3063.082801] syz-executor.3: attempt to access beyond end of device
[ 3063.082801] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3063.084686] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:44:29 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b800f000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x0, {r0}}, 0x20)

21:44:29 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000540)={0x1, 0x3, 0x1000, 0xbd, &(0x7f0000000380)="980251e336f4cb0f7fe16c0a0297b6aab7f933f595e3210422653b7a4094b85122c1c9d2d22e99cc4656e8286b74114397b9d61271d9d48a7a3aeac4f7e21199552a7e21e6c3c1bcb836400b23bca677322e586827456aee69666b139e36b1fb2c0e0010f5aa28c6bd46e8a4a98a9dc06b64f6c38a9d442a85ec1e9d7fa6bf0c8266c5781e9fc703bc0e1e6d641d39ddba465e327ae7643dcb99f35c40259b21d435bda532567bf13fb3f6ce64edb2f41bdf4b47944378e95c3eb15a5c", 0xf7, 0x0, &(0x7f0000000440)="9fcde977a3702dee6405b64f504364510871c5a38f249f78cd6f1be8ec9c63ec9652d72f1c66e3614d8c5fb41190a45004a0574f7ddabe3b2dae464389984793259c66bbb0060a53b9ca1cd207ceef7295dc9f3ed21955e29cae85d926f02ff37292ac416f8009395b4023eaab73b2609d8fd34734b2ba2a009f800363f032462daf8b05d247d500e1969fd5bda9e6096ba210f1a3a6ae700cc9357980856949f61c26afd041337ee76d9a5161e2c9422d072d857b8c0786993b09fc35602e12667ebc9423e375f8087be08bf2fd5bbb30bc64dc33111eac4373eff7e2c0dffc75835d8158d2ac1c82e34c6155c6286549b282a44db8fe"})
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3063.200169] syz-executor.7: attempt to access beyond end of device
[ 3063.200169] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3063.201374] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3063.209969] syz-executor.5: attempt to access beyond end of device
[ 3063.209969] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3063.215872] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 3063.244011] loop4: detected capacity change from 0 to 40
[ 3063.320979] syz-executor.4: attempt to access beyond end of device
[ 3063.320979] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3063.322092] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:44:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pread64(r2, &(0x7f0000000300)=""/229, 0xe5, 0x73)
sendfile(r1, r0, 0x0, 0xfffffdef)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x498, 0x2c800)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)={<r4=>0x0, ""/256, <r5=>0x0, <r6=>0x0})
r7 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000070280)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}], 0x5, "af2f1a9317bc6f"})
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000440)={0x0, 0x10001})
dup(r3)

21:44:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000000)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
bind(r2, &(0x7f0000000200)=@tipc=@id={0x1e, 0x3, 0x1, {0x4e21, 0x400}}, 0x80)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:48 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8008802190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:48 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:44:48 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:48 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000}, 0x20)

21:44:48 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x27ff}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f00000004c0)={{}, "9e9b17ad7869060e5755532aa6d69603a97e381c0ee9c3ce90a9915f3d3453c9f6682646cb2695081a7d5d3b4bed2bd17009d9dadaa0c613fa298ef1215bf8ca8f1d2e7fa3d6b24bdc59a6012338db8f6931667e0bbc8547e56eb52e5279d43810362f20432912bb93f14556e323e7dbe61a33ec03f7d900b315584edd8163757047a4c6cb3c912e6ef86df033f340d86e0496b0e5aedd4aa0f4ced6e3837e12b38838112bceec84c7c3c11583edf7ea9807c2557349c3774e757ebb8eb1786d061106417597f28a7f81ed8666c9a466a1242195032b5a858e2c2c3f26355b7e1af690a72d273dae3e42ee637965602aadccc0d42ac1fcd05db6d44d89ceeb3963d5634becd74d2223f70433f6aab3954df993b77b61e0a97e8543b72f5c25e7460dcf418ed48c53f230225ecf591d3f665a54bc99a355b26ffedeabc8aaa13c61145add7b31ef43eeb865bca0689f8163d6b1531c09926251e6ac60cb3f0ae25e58a4fc5babfb58613b5052dcd852fa293f2aa2b3ef6b823c9c2aa096060e924f987ad07cd73e0eb36e3f59ed5d85c765a38dd1755642647543f94e86d3c8fd81550d0252f6a080f04f65dba019fcfe971dd22f2e527dbcc6fb41a9831e3e59cd6149ef5ca1cf3e0456fc18f797adaece34236cc0322b166df47af60247559664fcdf515268078e97acd96fb2152c3d3ffaf3052b8aa99581ea5f7047c5c6b6f0d6310a87ac654a885bfe9d214e495f7f39e7037aecb88ae52471b03adea518a96096f899e34f44d2019c5ba54a5ae29a33f5984bc22a6b048a109362b8e14dde664f581336a990947cd4b6c79c20c4ab9121e6e309116e5ec4705d15d87d3d1d7a8429bc2218eab8a51152366242b3619675b3e61e798b02f29a8e872fa149624f85f5c848f886ff99d7758dc1d87f9c2873557142eb3837425f60b4e62714e5932331a828a11ebd1c451d866163312fe8d319bed83e86efa57db85474510c35c73e1558410d10ad0b5125cc6bf92573004d4ce636a282545da4d9995b0d1df572fbefa95161990fdbe4aee9421fc49afbadc50030b2a7836583bdf23127e0c5780c1fd4170f70594200e25d3fb05ebdb32ba5544a24b4c007178d4e9abc4f70857a5d9b6d77370cd3abd87ade44473ccbf69a23f468dd71fe40c39000c975d92adb22bf887168adf2ee89f9c3e28e1a9e3b79191007064669c95e84b2d5839a0edd0ebd312b356563f76707c86dca37b032ff8b9dcc976ffc5d40af5c4a89c131d7038773726cbb245069e8a46f08a4b70b1f981dfa6884de459f202ffe3993f706ef866086d9f19dfeffc953688beb96e73f3b3b8bf305697c115c9144c18ad4e42ec4ba309fc140f85990a76e7a4c5f6af105c4c34aadd8abe82cdbfd49beeed1ca24254455f193b692371e2272c182447146ecb5d6dd08296a81b13fa119a8fdffbca1b1a3f6e94123d6ef30bffe97a83b7151d3d56b9aec84019c987dc006a387472389280abc1f0e25fb488a8493f23b8fc784e52c86c9ad1fd075a9431c1d48022b83008a4a6df3d8bd3d0970cc3006ad681ef2530d62354fbf79d3654ca9c2267f5b8f624506ebacce1155bc811258fb75bc1159d7133145ace0172bcda9cbe3dbe19e980c57028a0a3fe5bdb6c923c6b2de76f7ccb8b222c9f24d6ff3101f5642ad8fe458940c3b40f4a9cbb5ddeaf897cfe49d62fa13d8469185066fc0a4625325449916bcb3749f45a658ff87ca4d3e4633915ccf7f8932f1d1cad2543239fd4ac3e4844e39aa045a9a713243430c0f5e7c9851f46b785f330706e4b4ed9ae70a73f32226b0cce5e36f89edc1bcd7fa28a04873a1969828fc65873cad007c7f6281e1bcc0b9effbc10c7e0e538abde9a5dd86af96b96932193efd80839c8cf16193c01034b2ef3f9510a4f1e21e78b4d307660d076025009d02827cec051ebcd8773554efc074001e378790f1fd0d4a331b9779d25585681e82db37deaec572adc8e405b08e108af41de22167ccc04bb9539dd9cfe702537f181098d889ac371b8b68e556b17605580cecaa6d29305d49f4f8aeb619bf11c48eb8a8c49a1b23cc344895c902db4511c835386f4c412fea9440f6576c0fbe2906d730020f3dbfab0257e1c6b723f93b9589d6f1ed503465cea129236e68a83dee917821caa393e850199651bdbee0ea1e9eed24ef2826db10dd6f33834211a66d436e1c85770899e9e141cd323d07a348c4f12eb2c53fca0f598da4ec94ed4480fa50d877af023f97703c41cdd88ca4dac042f2c98842c83e9cea7bb6642fe0afb8a2f09ebf2958c9f0a731de5055c09b9a2ab75d56f192441221d8f15c0d7ddf3e2a18382096733dd8b788f750cef3a316cd726e754958d94eadb3cf5e85333739006a69f8434c439d0acda8a4405defe4419f85f1cb2a6e99cb1ba571f0d9bd59956d93a88bedac3aff9a63e7d1678110ca00bf10d734260c5bc70eafbc5c3c95de04522723cd83a198f9e1764ea3e6bda153c9c21c35a2ce1094e8811546aa8999f54830fdc34a2736365faf5c5109a46e621961727786b214a929035065f08d5f9286424e6a74279922a82287b7ff6ccb396ac3bd3b2a46b0c057652fd86d1b192468b00f02ae94a8c64ff0ee87b6b23e93e5860e7ed7e865a7b92c0b93abbf742f8cb193b6bb61c29b479c479e699c795ec898e7caa03d923dc9064dbb47d8472a33ddb9727401d2dbc8ec1e19fbed91b4d522c673f9ec6f70f22a6a0cf023996aff5fd6dd19ea8360a20ef496d8291b1ee21ecb4ab251a56bf2a94243df6cd046bd42ca4260c3888b8fa59027604e4a937adddba685250c5420cb065342b8ef78c632bd9f182cbcead799a3d93f5dfdabc49ee0766a5c7080fc35f666b47f962a0000dda89e8824c20beeda223355f6c326a679f2bbf9de4ff57174eb09b168087e3d2ea7bf1b7c17856f14189b29fcabd3b62de3ab6b7e0632664c8e8f2f6fdb772a6ebf930c0c68e350a0c462440c07749c16dea4d7b7162ff72edd192ed30836786f5e986d3922669a17293298e36458b28ca3932a9545dd5843b4e2d8b9ffd5d131d1ace20bc57bd0aa957f3907faef73a7c9cc01a6bf6fb5309e144cc60963d8615de4352e3c497ecf44cd331562f24227157903663ac4d2efa34e7a1abadd0c76953b598283bc4869dedd09232e9dafd50f55829b7ae89d236f658a6683b31051197f3cae04a5eebfa969102b5eed0f8a97eec6df8c495dccdb133fc767a308ea2413752919243c92e64bf51f1c1ccb2a4c4169a3ca33fbc7987bc9c28a6bb193262cbb934137c6d8f5fbd4b22718557255b41be28bc642cb51ae792d4fd2f683b18443645f7c800a324b3183389d935f118da4a1f5eaf9974a4dfb395537715f6105da0e17c68b4937818791ec6aa9f0f511ac176326b60008b7912b6aa7a61c01ca2d4d3d6865104221ae1123c3930d5c175da2622aaaa918b0995d6faaff75555d74c8f5b05e3de65052dfab907256384549dde86954127a034262a21385f8e3773c9fadd60c715840c8d9e252c5d717d3ce974c8a0903b1b62534570b56214910285d646606b61f5cf73e3ca579844a06eeada02f0ffbb0cd027a2abdc4eca3827226829b3df4a4042f5daa856e529c75b9e11cc2677f71521c3bdc5fe60e8b0fcaf53370c42328e6c65c3d674758194b390fb40d3d191aadea4d785ad6f58b817106ba246a1c0bafab25f2edb36dee0df5c3609572e7beb2e25c84397a3bfe9ab166ace3c41cca9f44bf5ffbb1641b5ae42a03883a7653e9e9900f299950b0118dc49dd23acf9b31b43cfe20d489c76c49337fa4b4f3a0729189884d3152a16923c585b3ca6f0b5cbda0d10cc0dd1a2d158bf7ecde3b5715235b1624ffd0efa57f6c4482817d4413e7a6bb54a0298c0e0c817d0619c15330f9c8afb4849683f9de94121d349e83ebbe2023cab31fee4bb6e7cc1a96a4ca6b2301a21407d66980342bf61efe53c8e3e3656c6ce5da66a7e8aceb548ae0421f1ee93bb7fc038ef6f83c9d642c455d7a754bd88c34f6640dab44ddd0933389b24d4a0f4eb860d755fa3eb5a2cce6832bd8493b88e46ee35160fe4f18f145304a7712c8fad7d78064370ee89d275932b3d1fe784f64c77c683d7c9aa7ab5d979462ce2a118fd790d7ee2662ca612f72279c11a9649bee05ccf4188ae09e8b7e155f030ff5a4850d0bd1a8af00aee73fd1f5ca271bad43df450a18b07f4a15bd079613d7436c22e3f53c2c52833616bcdea610c6bf14f5e19cbde292fb838935d53e524d6171a1f4b95b4aeae2175ce201411d8b42c1e0aee09b41bebdc64c4f1c492eca2340097d6313ac972a587df51d4ace91146b3f1cb35e1c954b3078570a468578f265c951a2469683f8c5e3200bf8013c018f13d65d8d45c6a668defc83aecd572eae7e068c6a0faae487b39080f18aef89d30367c5039a6dc49d7db386a50306ff7588f15678e2998c0c954a60a82198374d744d3a4654d14f1c99ab4fefae5d5f5eefd6475d71ec5ecad3445ef19f367269a823c9e6a2339fe47bdd5d74146b805a266f76d2ae3df5fca93b2a3a52f0c262939303cf323e22e76d99212d7a03a157acdd91abb6fc759b15b401c7f60e89a8877cc71f3fb58cf98900a56fb5395f10c5066f605bb4cdca1fbbe9113c7222eb390e3decdaee9ed5b7ce738bca6bbd946349d2a621f4892dd2a80dbc1a3a8b005a3692ee0a997666af93187960f291e55ae59b1fa29f16c9748b3fb001da191cf1d75d24c49c9db919141ad3a7b6c098130db5f1a062fb45ebcabaa3d2970a4e9cc9bd7437294188511fb381939ff75f3c839bf1fab86b18666097eb1270ecd9dc30d9026437236d4fb5694ae4d9943adc6a4676e3b9fe957a14219ac73a9255c2fc818b3b428092538591a801edefd340fe1d079c45008667a7b6a6af9d50ef3d78d07421c62e3b2cf4b23c024dc899e3f8cb11b7cf667b1a216a20a6c96768d4141b0e455da7d233aa17d0f1079e60385e6bed810a16bc6cb19cb6191ad54d1591fb87ea3b525948341bec203217a8f945e0e69cdb9d851588c43db2e5190074a854ea56a13f9eeada3e21945ea6ade44f72bf408ecf8d228e39283f200786c6f6a37db29d22a0fe4ac991fe634cbb10aa32a80fa6b4f99b1b56385fe977a146f3a9f7af5d2948950713e86ef6d713ccffdd690c6281bf7e6f6a8213a80b367bf0e1b88645e9e37070a61c6405d5b52a7e7770865cfc068d5aad6b86e568a81139f78b3d8a21dd92fec3eef1f6e8105c4f6791361fc93423d4761c988ac0f23a0601b77560e37d3aed4cb9adaf12d8e094f0b30eaed3c4858d9dd3d5399a3ce61d3e20e307ecff276910197d0528563f1b718dfaa4287b16919bb6066470468402450e2121ef929ac925b1219974fcbd8c63a9c5df37fc94726f6ddde294aa3cfc141224bfc20b1f36b63e41543cc5de06540ae7cb3c5453eca134301d062e2aab6fb274cd88588ec8fdef629e30cc8d3557fe327f68415be75b0604204f86c94e970d96ad7c6bc70fa620a31c7ddbeb189acaec388afcf0a3c42e23f9f7314a5eeee80382c8315296e8cb75a48d661c171084589c0e5e6eaf21a8f77d21c78c88a33b0d2315161aa82e5421467d7bb5c72a97ee39cf0ca74da19585fc4585da19c39fba77a81b53d7560abb8fe9fd76d6f7fb70e07849ded1d95e299a89ee09b99654ea311b2279efd781ad6a7476a62c9321d9e19d67144803d754105bea53c0a7"})
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x19d76000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x28, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
setxattr$incfs_size(&(0x7f0000000380)='./file2\x00', &(0x7f00000003c0), &(0x7f0000000400)=0x100, 0x8, 0x2)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3082.202422] loop2: detected capacity change from 0 to 40
[ 3082.207745] loop7: detected capacity change from 0 to 40
[ 3082.212038] loop5: detected capacity change from 0 to 40
[ 3082.213903] loop4: detected capacity change from 0 to 40
[ 3082.223206] loop3: detected capacity change from 0 to 40
21:44:48 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000003190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:44:49 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000006190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3082.629778] syz-executor.2: attempt to access beyond end of device
[ 3082.629778] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3082.631636] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3082.640165] syz-executor.5: attempt to access beyond end of device
[ 3082.640165] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3082.641911] Buffer I/O error on dev loop5, logical block 10, lost async page write
21:44:49 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000009190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3082.671749] syz-executor.7: attempt to access beyond end of device
[ 3082.671749] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3082.673925] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3082.745149] syz-executor.4: attempt to access beyond end of device
[ 3082.745149] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3082.747594] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:44:49 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b800000f190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3082.852170] syz-executor.3: attempt to access beyond end of device
[ 3082.852170] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3082.854256] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:44:49 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:44:49 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(0x0, 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3082.987715] loop5: detected capacity change from 0 to 40
[ 3083.020206] loop7: detected capacity change from 0 to 40
[ 3083.303008] syz-executor.7: attempt to access beyond end of device
[ 3083.303008] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3083.304779] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3083.309762] syz-executor.5: attempt to access beyond end of device
[ 3083.309762] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3083.311692] Buffer I/O error on dev loop5, logical block 10, lost async page write
21:45:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:05 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000}, 0x20)

21:45:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(0x0, 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:45:05 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b800ef79190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3098.918190] loop4: detected capacity change from 0 to 40
[ 3098.933631] loop3: detected capacity change from 0 to 40
[ 3098.935813] loop7: detected capacity change from 0 to 40
[ 3098.940341] loop2: detected capacity change from 0 to 40
[ 3098.945109] loop5: detected capacity change from 0 to 40
21:45:05 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = syz_mount_image$iso9660(&(0x7f0000000440), &(0x7f0000000480)='./file2\x00', 0xd, 0x1, &(0x7f00000014c0)=[{&(0x7f00000004c0)="85b3fa327e93e06bf298d19422df81457d0d9e4ec0416802988282a5c37353757b024d2318450e02df6c0a66bc22099e21c2e138fcb33b2afc0abcbd445bd2e67b542ceccf98ee6d90bc5e793dabe8b5ee72156a0c7a8f978282a96240a4c230470903a976f4c62511a4222cbeef3ea4628b9641cf6e34e399b451d6e2eb7585576a8f6cb6641fb2559f4f077fccc85b984a19b085c06d9bc52260653faea8bc34b44fd78ddfc99e99a870f2d130c07da499c807dc462c52e5655edb45315ca96beed1d5dfb5b93550b3b96f26c5b2d58794465e23acc35e0003453c90d4cffac0d61c3a8fe08f32fc5dd5e2985e7c2c95e3715e7f804e1145cca46e1928eaef14a633b601b4814b6fc386c0cfa0ddd85de090c490c05023acccbf384125452da99e35376222ddfe8c34f9abef8113e36f053fba928f64868027454a0d8079f862063a11d9aaaa7dbfa2d1bf2717cdb63709e22b5bde1bac488f1925c1463d50be8d807ad3336ae39667567feb40143899d1c144099c8c4b9e7b3124a67f163b47f605ce46296ec77ee4955c27d06c46e79bf33401372c922d0fc7905928c9821396891fa35f70818c74c64192a2aa1159cf8488af6bbe4cf9cc1a832242636ad9ff46167c15b70a938906913b0f137b12ded966a6217e00a3c0a186f8aafa8107b9f10d091bbb2d3b840d58770f3def4413219ec66030a62f1bda7120b31a4cc2618c3511d2f39bf3e6fa3ecf1534def87c5519f79c7002e6b6d0faf3eba62ddb7dd618859515a9bd738bb140908ea977476b9174bb9545507cb4b2bc9906140ce4644d31bbcdabf5970df7acf5f0318ba37a4474f944286f7b19183efe115369323c61bf3b4a0d451a233c04438bbb5d5ddb40bb3b360366190d19f33eb58f3ae7f5d98a189f6bb8a9e2ed46b01e37fd292e028182536ad13aa1d9b7fab6e89a1388c2ccf0a4bd4e8b88053c41deb7f52900959932f7f30436d606e654d2f11a5c78fb7d7591cff01cf8d87260e6c6f66f411585b0f950bee460e87cb0946be6a24b90cbc5d3d49ff3c82053c00592cb206976ce77b780509be94d071fcb71a494eaae7d8fffc94ea00eaca1e130bfe68a68687b3d25d90052c23f702cbf9fccca5135ceb1d2c1b6a026f7c0a5c12dc221dcf9c549f416ad02b01b86108b4f809381fa7103ee91a3265e4d1138c69cf87e43e4cd80cd13789a05261f96e504d8be597cf8f545b4ebf53be8b91cd76f33faf6cc210f5ff6d9045265614970355992943d63993ac2385fc5fc9b0622259479a18868ee9e2093fdf4ef6ebfa9803d373a08ad2cff120da2fac9f085b0eef27c3ee3a1e89ded4c68b14a4b79919c4475a4d4c904168e5b5ab5c247fa8c6cc2dba182980ac12f4b22409f58889b2ebdfb3d873ff3787734534187b9e9f77b07d9d64cc8f85801e3678321481c431928543f0dd63ef843f516dd7cefb1312540281d99193cdbf995692330ee054c09bf2ca1e57e3248b86306e4fd4e84a8d27ea531f8564db1768257261ea1ba27c8e7b32fe51580772f9abb5b272bc3ffcf63a132475ba1a91ead7e977f002b8589fe84b354b6c11cc1f972d9d53c5374de812dd8511869f72c6abcf02ed45f49b2ed0a127c6237b91c6a65b693f5f0f3e87dc42409f9f9de8b3eec118196a11b2f09f9c7d243359994b7a1f4a0e55ef13424b87caf02f1556f8e26bb39c801d81a212fddfd1febf5e20770a4b58dd734effa1fb65f0f00077ca76874a800fc8ac753b7b42b9a387679d82d10875076c09857ebfebf09925e49b2d62cf88170d2928e8f9ba23d6cb5a68d6c6cbf6227d3384329ead83fcd32fd79cb1dc3d1c1a24b82b9239a0fab0bcc158e429691d5cb4278004227967783069dc3ef60aee3ef8e74c936fcbe2a2151694a787adfa74df2e9512afd5ccc01c8cb84086246f734a3644d50b0d75a6bf8bfbb2a396030ea6b1467ed2f92db9b1c13bbb14902fcf340a8d263a603eb2aaecc91b3b0d4958d0cd4c904d7c6574d661f1a813ca48140737cffbe950ce88a81b19c3923ba5d3e14ad4ddd95531149112ebdc81336ca63caf37e3475a447a54065c90f75559f710c1418fcff0d7ee1cfe65ad606fefe0d8e828e5d19f94ac23fdb6d640faf23211f41f4401d1939580976cc1d7f47f9f7fdd092f4abeb09a56becada01c7d315fc40ecd733c8ada5a020e3eb6b839f4c418aee8fdb4dd565b8d582f8d64be5e2d6427243cbba4d0da57ee562d9a1e2c03883db688811b0eefb75ade4aa94aa55ff7674a16fef4162b05b8ed6bc19623c17547285e003b550ff6dea800f713771d74cc81e76aecb2530161e2ec193fac3aa998b64c6c62da94fe23f7b900cdaace72e6d9cbbaf3b561ac05f3af556bfb5e74bf03ae19583d86e8227b41acffa351a315ae461a37b60638ff491c3a4f40e63c9961a193566fd2438307930567aba9e4f8cbd04dde9c7410fc55f8e3d49f525e1627945e36c79b4c349deeccf7f2e68b53a6975713d7d5012cedeefbb1cb532b1809c78353b3cd10aa6b6c03de392d1bb64c41f69c40783392a8e6681e564b80f3ecca922780bd6273b2f3448f6ee4be3864470db4e4d202f5cdd78e604825811cdc4fd7f31a4ab385ffdd7d10dec55b743c7592147957a28e86d7cc191d37ed8703ed536baabcb87124adcee86a5b049f32019ecd6e5289c2fc6cd1b9b6c39f2ef01bf615f87e6890a3787dee0aeeb3aadbdde2e4e5e031c1135867e4bd38423b1dd689e41506cbf67e6d8ffcb8ee47c5e9000be55a05526c2ade88a43347b5f1665f1d74a3aec6f32a827c6b3aabfba38690336ff18ce5fe355095015bec51b75b72d338084b40a1b006cd7961ab27271bff5ab5842ebb66b6d9924d3766638a123ca43f9d59869e6611a958efdf0178f59e1a949cc4fbce727fa3ce41032099eac1e63e4281ddfda11d3b0890626099efecd710094fa4bc49b8f2429dfc664d957e41587724ae705adc87b2826767755df969104c24c180a37e257607dc96ed69e8609bb9e4444f2ea354fe79e146bafa3f782ec5adcbf628dce6c3ac820aec9de6def428fbaab850602a2fe71aeac46aabc0c7f04f6dbfbd3e97a9f1932c69325cf8f1d49d3b0f0cbda30d43b4a08c521bcb9f101abeb8623f04b2be2e357024e93c60f551e4fb6c22f200c1a81336d8d04bd0c8a410a8e043c228a5e444b2eff3f30d03f0b0ddb8361e3fcfcdd32b8216668999b55134510571c8d8d66b2bd63558983c6c5036a863d8369edb7c12d12c745a46d659d0baa160e93f2b78621a89f58a67df48036177e74e7726fbeb6938a083b2527e33f585f1db5bee79882d4e239fab558441ab15afe429284f0de4ec91182d78519c5e558e5205ae80713ce04c1cdd5dcf2ceca65d5ea42392e32f6085a114ed76ec3597c2aa4afad533858c67f9ec27207eea6d6c54a76bbb6e34aa9bc3c72bf1778fdfc173556837c613419fdb11a3d56d9c3b4e766f4c0868dec4707248762bc1e6d9d7c045313ba37aa686755cc98ce36530276e0ec2cd6872c2b7abb37e13e0673edba8c461d60352cfe6444f3034b4215d32cd17588e1f90d2d7d8ee34b2c436201adb781109f0020bfb7b8f65accfa1e0022ab7209b552ce11ab29e8fd87a1431070b7d53cce271eea017090cca8353360c9a953bcffff34df8e7174cde7d54f779423bc9dd565d3d70a8cef3f32e39c2fe5386821694878804a7cd67bc3b1a3d63e74b8db3624a892c2f72b416b8ad08ad7e310627760f5775e9e1d92b42ab90759e61c4bc7da4159ec722f1ea1809719f530dab93c5205d9c704990e46a37dcb00a510eb850ed750213e8759b4b54169144dbbdde94c07c52ecffd22378ebc1b25652053a72513f602a578cc559653bd750a28cec35e3f2d44c2228c0b5bf4cf3d4f118af6b4e50b6e0a65e366441926ec3c2ae2541af1296d694bdf0f2f2b906236143c1c07c88c3ab752943bf81d92d5e8f189e5c0bcdab0b964e1d0e0ea592c058ed90c03f68421003838a459d0732c9b4918aa5b3bdbf68bc1ab5aac7155fb27edaedbef2e65bfcd7c72a96b4723748100ef5606cc4c60a5e1f274534ab8bd729f2adecc9e02041141d9d659ef27401c3c79f848ebee37305cb84d1590ef2edaaaa6941ff04e2dcc929dc8dba92dfedc55cb026b645995119a024e09dfa4cfa428633c01443fc48c6cdd18f7fe7c1d933a11c9d3d7e8e308b3a12faa0e36997f25b2e1b750d992f49cffe101e48205779e5e869d2d6e07417cd79fbf028e6224a77c071c24aecc07343a6aa222ca19a40ac87e416ea147d0c98d6c5430206c42cfa7539834feea879692a8d2e412f767069aca085edfb0c22a0eb2a98589a738fcbbc1902924307d52232833e3614a18326550282f613f58e1763f28478aff72a8b95dc7599010f99f1ced707f9e2760b0cfa7d91cabf49308a8b60b6ce4eaf5a1afff86c673f566f0aeec92536d643f7c547d9cee492bfd0ec98b297a5fef2558fa911732fd6ed7fcf4fd70766a8882879a95d8ef8ecf929a8a7308533d51ab6a2b30e6326ed67440dcf5ea29c4ed37d581abb4918ebc9af8308eccde3cf0c67e60366266aae00e4a2f2c0034e619b9e19d13e73ebf67a087511aaa094e7811b36638d7e709d036501e6826c907bf3cddd3de0ce5ebb355158addd86d236f2a9f8fd745a18fdfdf3a7e32bdcd447e1810a8f35b6d63ced7a9de1164ee098827baadbfddfe5175299e8fa516570a83cff7b019f0cd7de662f95d7f2cf320a05b93391a45338d7ba53c47ba585f23c72a650cc45ef0c6f95cc8ae3c1910e1d43bacccd76065575347374490d3ae42ddec8f8760bc51773d5a58d18fd6fb8f62e308785864210f496425a3235b9ca6fb283e0355dce32989207357a17ec6618276215389c43e9f5c3c1543e5ba3bc7be529ac0320d22a314c876c52030a2e7377c52b45e49b6a59ffe74de8a7de41e592d3066a92250addb4cc69734ccef53c0c45075ad14355c8c0a3e503cb3c7f81acdecc5c19d218c1b6a48ae1837db98bbd79009e5124cba7810223e72cc547ac6994c5963bf3e949893705a2840e466c393db02505424f0586bc79ad005e6f3712676414aed3c0592e2012e3eb794b92f3b4c0edc3eaf89752a9d63ff91e70cd4ab24018a78e68b6e352298abea88bb6686c1b895094ddb4e8fef6171203c0848ead666d5263016198d55e9ee165d457bca98511789d091f48f8d710573383597a55868a077d560583aea64db6ae68c1993d19bcabf6d0413183d60c8110cfdd23345c93c9660333264e4db4f529f16cd5ff29a46f881281a1567635783ae0716a3c0d0513c82d292aec7f00804cdd333a227d17ddc1fcf75d831c417bb2777e6485ef64e9ca2f4ef1684a1689fe119a384f92dbc03fc07f06c474e98420cb8c081693bbe7690f9457040b0fb41094541350982cbda6a1ea2e2b2ac5a6d370e10a530eee98f039ca0efcce234d9446f05348caf1921e71c4bf300695507bf53e60d1f1a0bc22a52de9aa56b4c6cc55637643b0b473c08b65a98b36546793ef6c3872fc513f26d0cb2f86df0c65f29b42003889644c387a53fb80cfb003520e115738aa241d4f7c6f4fded0c9e0893d8913ade72ade40541159472a4bd2a9eadb67ea0a5eacb765650ebb67979d8f2e1297f002d2991edc37a69a975aefda57cf35ce75346a86fce8262e6f73a430310fa2f2c2944824bdc46c851eb4ba4abb8fb61b57dbe610598fff92fe332ee2cb9fe07abe8b", 0x1000, 0x4}], 0x800, &(0x7f0000001500)={[{@session={'session', 0x3d, 0x5f}}, {@hide}, {@unhide}], [{@fowner_gt={'fowner>', 0xee00}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@seclabel}, {@dont_appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, '\x1a('}}, {@fowner_lt}, {@appraise}]})
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f00000003c0)='-\x00', &(0x7f0000000400)='./file1\x00', r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:45:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pread64(r2, &(0x7f0000000300)=""/229, 0xe5, 0x73)
sendfile(r1, r0, 0x0, 0xfffffdef)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x498, 0x2c800)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)={<r4=>0x0, ""/256, <r5=>0x0, <r6=>0x0})
r7 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000070280)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}], 0x5, "af2f1a9317bc6f"})
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000440)={0x0, 0x10001})
dup(r3)

21:45:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf32(r2, &(0x7f00000013c0)=ANY=[@ANYBLOB="7f454c46097f0805040000000000000002000600020000006101000038000000e60000000900000000002000010056b1ffff03000000000004000000ff03000001000000420000000400000000100000000200000000700007000000020000000080000004000000030000000900000009000000080000001add9220b1d7284d3c8741cebf36c7fa462e4b4683e97eb94da07be342da82f6d5d26681b05497d1c5d408b889b6021f99b152208b190cc8fac3b34bbabf69fbb2c424feb51a3f0f40041be5add117c8832cd3196bf4d047d477e842347ae1b59012cf4509bc29414d70741732274701331dd05e92ebb4aa806fb791c348deef777df95a12a5bec209f7b6b575722ff0e6acc9c5287013b94d99c89762ff849af9710935c88da996ecdb3f29be8d18cfe61eebe0bc12dce9dc2204b774ead661e03a9022d53d554c3f5845236ae75c58eb6fa0b184d110a07816ee913fc9f3e06e7ae80995e2071ecf8d2928ec26e59b879d648a345efd59703fe2b7af6568769c1328098624d44a184652d80e1147f2f7e3c65a0a6d7c59af340569c4f12313b032cb0cdc294e13db51dee63cb9638c61a7c83e6c721d8d450ec6eab1cd3e56abce44d3453a21345f2435ca9380149541119267ae44eee3fa32badc43206b75fc85da00517fd9cc1cbe666682b90499ed6565789ac8c8faaac8be3fe3430a546b232f717ea3bc9d917ebfe5331f89165257170aff3cf94fe0e3e75b62790fee3d7de790f1acfd0920b24e552b5fd0eb96e003ba90049b2763f8e5ceda7fad44455604e0212768da49c7e5557bf260b8737e434740443eb21118df69fe797672f4f219e4c067799eb75093d7657da61f3360dfdf934fc569b9629ad9606a0edbc783c2df56e53bd8c1cb5d5793f576b4c9b05591c4b053f08134a3ceb18897238c7a2fe6ca232101db43c4e63a8811a907bda810605bc79ce898462c4a9c16dd6a8e64b66c114e3d1481e7a6323cb6851be39247c12a01639c8d0cb85b31eb2f72d431433fd7922b6a3c007a130a1ab2a348cb5dead038276d98a1a84004b0d96b54e615cc31998ecfb28147f6e663a306bd43bb8a8a6bb66145c979a49d1a3cda7755cd243e4c3954fbc9952d7941921a11965285c1f4d18009f483d00c1460fe66260c77b946e998d70f18f62180e16115b596cbd5d2e9490159a89d5ae2d7366cd956edfe0747a9c7ce55db2e6a5c1fbdb74255d321c7377fe8f5d7ea179f903d95a86c3ce5b145f88b59667939f4fab3647ef233cf18fbc682d241695757ef5ad32ace19fd9249c7580eb60ee183932c2cb4b8dac39918c9d403af2e688024f0c73df3687a962911c033522f379e7acf189915696abe7df739970b9b759ab3539943ec196b95751aaaef651bcaa324e313392e3c423be45639313c7fec73a06070a6c56c371dcae56f54a78639e414794b7fde61a391118033925388e9bede9d969c3214343d0e724b9189f5abbecada960f5df9b9325c4d6ddf04121222466b0fd80cb598ef3e17f512e8d25e8d1090e66f773dd4a601c664dec0d440b4f0b15617f25b0076ec04918634398773636709e68cc82770342e4e77d892e64ee72b912331cfea1da8da064ea9ee52dd417986d41355a7d5ae8094f726ad086448a92ac766d814bd7e4bfe9485a65b0d19dfe11bfec4a222cad632a1136f0ccc0eab283057882c80d576ac11ec1b32787ae9aba13a80564d9ce004cf5a8db9d134f8c4ea219d610bff213caf6f7f51422c8adb4ecc8c82507c03efd5b0c9bf86f64f4dbe17a462c6b05e4220f95fd2be0b852456e04d7de025888d80b5034dd6ccacbf78ca7a7881fca0e5eafe65d627d360843cce6fcaba58f1059253b4f70f5b58e74f6b8fe5e9a5307fb01fdba53e8c836c8aeb16cf4b9386e352fcb90b86fba9318eb07bedad1255ad7aabf26ece83a2329e0dd9bea47daa484c11bfa43ed4a831828b2ae2644bac841c9b17de20a2e3f42650aa117d37ba7159d36ae2245d4a6d0aa4206907d314a7a06fe0f3f1fd20b943bd8759f51f930194605a7844571b3889b859a7795937af888f12765476d57a7d0b86f288a0922eee66c03cf9b0f9d1a1782497f5ddd976ad3b97726a162c841d519ad75605b386bba2a24e693df20dad9036e3da3fd6d61aa3cac651cfbea75b742685e659dd8af6d8d3236cd6d55927050eb6fd05154fcb731d7de4ffdd6df2cbfab216fccbb87eff67d095a5ca991c486a221d549cdd1efee92911b94bbe021a0eb3c9fcdf5fbc62db0ce79efc2931f622339a3002db8ad9369d1fff472910f0530dff2e46e8010295b04d6c193f64b24216cd16c83bd141bd7d6f186bb88e7c445d3fb1b88c892eae39258cb2bb00dce91a4f952dcc592c32f8f3b444bae54778c66bce37f26775af95e4a25338ac9ebefe45f9b01a35cee8cddcac6001c552e0cadca8a7ae881b76605e7f07f8ab4cf6a39b62a7e1d7dcb99d7e7237cee5f61ffa467672d09d5a44fbbb1441f4eaf6655856a104480b62fdaf68491f0e0b723259aeb07178ea89b096d5fdf8eeffe3a0a75a5c05ef76120a4c9d56817694a85b5b53de0ae4a9582cefb1dcc3c78f902c06b238387b27fd50a9fd1f811966a9cbba9e2144728ee7bd6f20610609d5a67dd463273eff581b3499186cc252097f73035822be82908d270c6acbbfbff38a69d5099f1330e666d8bc84adf1560ed37dfc6fbe1c5a8e8539ccd9c700bb231d612d026f3169ab64d3ecc6a9f83ca716ab342dd6787fc91337b8f39de6d36a613426d9c17bb29d59e47e1887d5f145855d627cf042fc2bf47326a284dee28df0354415882dc34aa0fa960341732e48565d73db55d301b541bfddfbc8e04173056027ce5a1d13407d4e35f9dcce84b2724f5b77e9a399a866db42068382a8c7641aacb2e55ffa08fc00040caa7876fa85d62947ed8af455374f03fd972823eeb94051392c54b72041cb9706de60e1192a67820b66bff41dca4cbae7f02c2faa9c8da5f975f85e1558ae0f3fde08627dfc2b632e41b135d82b3ea06fedc6e958183671096e718af6ae0b0b0c4839b28aed3d80d1d55792304e376e624f470d9f78f69b510c9c3a5977ae4b85248502d532d12a29e2ceedcb8771ba8bc3d22a32ca4a466530b10259ffb156b83ac6f6c3be6e33541fa97db4330a31ea32c63aa4889c2a79442c133ee972e23f0e3c6c5ed14d74f6ce15b6f2f8da2022b5fd740a31f0ad0908222d2de739b2913f82c588ebccccf5064c8588ef1232d84c147a23717094552704d8679034b7ee678548fba72ff6545a93e8167e5d5f8414a323c3f128728beece61d00ed4cd7634660d190db386c8abfdf212653d87ac48d34ad77e82bd2410aeca571a79b40306fe38a2dcf63b556bede2e8c5ee830c37cd08451ea386c033302848e378dcf7f1635a91b474894f14521be3239dbce7d00fc842b7f3efb90a517f8f81f8348de369adb66a3294bc957e2a2216e7cfac8c2e5ba95206345168e12609002189274d16dcaaa5cea36824b24290800c1c2277fab9812c9378d2675090e38df08fdfdb89d40e22850be8959fbb9877b54baa3fc9608ac0ff4fe42838c11bc6e5a0c91bf1a48bb6661e838187eb4164a02d4f7812ed26bd11a58d71b8eadf6d6d2bbaad3e5a0080d3ec85972330cddab7d73bcc49123830ec457f811edd88101561a0f843eb7a216503c85fef84a38fecd0965676d912793482e0e6bf3d6f619a36637acc85bc26daf9a7c7a95631325c803886afc59dbc88a820b566f5dfe9cafb2e84adc78d1c47ea734a28865f97e775741f145213d205aeb5a4cc735caebaa39a48b129f2aa3aff5578ff6e49dc3be024ba13134a430f2c09b4f49383d02526aeb5efab57d5b63476039eba5247a19177ed376ef4e116d811daaea9f09b8c18645b2985a7bead654d2afa81de1afb52de26e8284d04bdd61785d0f83247c23b702f429e925bea2832b21504488c8170639b46236fd5fccb4e3483e0eaf2bb5967156ed6ab94f166c537ee6c1de99e585e80e8e3e29caa4d31b1aa61193fbdf6e57839a8e385a5e213943710d6633138179e6c4d1d6bce6e0bea8c1d6cdc427e10191bffc5df452a882d6c482c8294738378f5f0f62dbb2f21aba010e765e94be7bdceab6cccb2dd03b39e7c743c484e0fd1a871b8b58ed3d942acf89534655daadb2c2e5fc758ce5ab396ded89a3567eb6d9389a874675e0f04425689c3913fe622f2b5ef407e6598f797dc597253325e7bbd34cafa5c7668a72be69dcb249882db47c922686a66ec64f691cc8e5874e873236c3c9aae666f9ea98a02d64f883647d49f937f987a6c96aff20f1a176ec89e8becf999903c9114d91e056916a8be7977f1c93d7965ef01771461f70eded062cff0033f0cc4cd16c7d2fa0d797e33e755f60567a793e3d16c43d9cf8b6736aed9c468e3d5890a4c5553d6bb03fa530843f804848952ef92d5cd820c0991f6230642bcd785d39b40174bb59aae4e21c1d2f570ca1a41c644db6dea9f3d251731d007db5911315e2191268d899ee94652bd22921eb85632c9c64f888104fcb320b43fa8944938b419f0064073d099e1b8f34fb0826e0f26b85b7488e643cac596e78f7278e99f1afeed76c6246d82b70c434a5112e5cfc0902d8a7e844199b7972d5b9b2816200ab8d853408732f3bc9a9d1616769a04de6e0df3663db67343495a1ee3a2aca22f602a33c23441c523b74ae2c2a7ce073f2fce2c66a6fa8d95f5e86cd2e0168a409eab67b0ed0f7239fae776aeb0a45aeec797a6edf56057a41c10a2fac33ebf18b3ca9f8b9b0bfb97794d6b20530c073b20519edf572c67959a2cb2ce0150d8867373c0c03d6571a765f9b2d7ad3d4a0b8aad353553f20dce09a5b5911b174cf271a6f5ada895229d51dab48c803b25c69632678abfc1b587b3a0db8e618cc440bfe6332bcbff1415cf1f7a1feebed16520611d89d4e65311d7a9ea7d6cb190bac6c942da72312b879442545c2455ec52b87b61b30e737d535f7dfc00dfe5be126d89c2bfe4e2eb74e4c58d22f3f770d3a197b0ed76ee1e614f23458b7ed5aa0821c496b6f87c9d9635ff4a5f6108449ac63d83a516679f40e0ec14dd1e1d36ae6b166cf88b3f7d68ddbf0bd43c4602ee362f77f60861f8e65d6724105d1714f99852997c3c7e969f79bba322923eaa55c8a5d9b9a20ad39a22663e04b1909d1b153f5607f500ebe10d8bf6f0476640dafd87d5b7cf1c36d37655fcf1e3720b61d25ca842aed126f523ffaa1d39aefa1d5eb47fc4390fccd177154397610946721be908238db914becaaba55f18b37bc0dd0efd5b4024bf28b398dffd6157168d693f355cf6371c12dc51a4c15a127d6c16b737220815e4cc1ab497ad78d49634b4e11797495d589b1dad6d56b40ee3df09ea51f7b9d01082101ab8361888d9bc1244c3e0960c29246e216c2cac89c4a7d724bd0fd0d7549fd4c7fa8dfb6363954d7cfac242347ec571c348012242873d03a813981eab832b3d27c2eedec7dcf695f13925f61496385a34eb5d51bac6896ffe28fb1e9283747d9bab61f582068bb8d733afc1e0fa989e46ce356d0b7ffb680efa672d8ae40528e5d2b8d0cde941a5fd028395e1c9795dd606d1a6de856537c2c7425531bbec04ad963e60d3f979499da206764205c5f96e5bf8c7ade8fe401bcf34a6461ee23696a3694566c3b9c96050f54fafeb7c79a6aff139eecad64ea7a5a7035b31cfe98a8eefcce4c0b2a16aaa45f111ba9a5d35cce39fe97b8ce25c7739359a370c279ee9931c4a404b69c8ab077f6d71ec1071a67d77d86f0ce8dd44d7f6652ca3435ce03d92cdebe131ab0b1121a7803e1d40788a48c22ca670bfad264ad676d22196183553dbbee8f0121b90ec7d29802b1d0c81004b519fb579d32599dbda245b4e2b5c31f3527777e5"], 0x1078)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:05 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000288190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3099.129058] syz-executor.5: attempt to access beyond end of device
[ 3099.129058] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3099.130534] Buffer I/O error on dev loop5, logical block 10, lost async page write
21:45:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3099.264469] loop5: detected capacity change from 0 to 40
[ 3099.324027] syz-executor.2: attempt to access beyond end of device
[ 3099.324027] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3099.325988] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3099.348995] syz-executor.4: attempt to access beyond end of device
[ 3099.348995] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3099.350926] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3099.384071] syz-executor.7: attempt to access beyond end of device
[ 3099.384071] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3099.385947] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3099.420854] syz-executor.3: attempt to access beyond end of device
[ 3099.420854] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3099.422777] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3099.540883] syz-executor.5: attempt to access beyond end of device
[ 3099.540883] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3099.542815] Buffer I/O error on dev loop5, logical block 10, lost async page write
21:45:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80079ef190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:45:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r4 = open_tree(r0, &(0x7f0000000380)='./file2\x00', 0x9800)
ioctl$EVIOCGID(r4, 0x80084502, &(0x7f00000003c0)=""/96)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:45:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000}, 0x20)

21:45:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(0x0, 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:45:21 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
fcntl$setown(r0, 0x8, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000000040)=ANY=[], 0x220)
chdir(&(0x7f0000000000)='./file0\x00')
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

21:45:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3114.972257] loop2: detected capacity change from 0 to 40
[ 3114.976128] loop4: detected capacity change from 0 to 40
[ 3114.983068] loop7: detected capacity change from 0 to 40
[ 3114.985929] loop3: detected capacity change from 0 to 40
[ 3114.993590] loop5: detected capacity change from 0 to 40
21:45:21 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000f0190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3115.352975] syz-executor.3: attempt to access beyond end of device
[ 3115.352975] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3115.354919] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:45:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000000f0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3115.494036] syz-executor.7: attempt to access beyond end of device
[ 3115.494036] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3115.495994] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3115.537096] syz-executor.4: attempt to access beyond end of device
[ 3115.537096] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3115.543200] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3115.547182] syz-executor.2: attempt to access beyond end of device
[ 3115.547182] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
21:45:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3115.550205] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3115.611038] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=15 sclass=netlink_xfrm_socket pid=13709 comm=syz-executor.1
[ 3115.635698] syz-executor.2: attempt to access beyond end of device
[ 3115.635698] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3115.637396] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:45:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x0, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3115.716812] loop3: detected capacity change from 0 to 40
21:45:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000110001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3115.817419] loop7: detected capacity change from 0 to 40
21:45:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000001c0)=0x8)

[ 3115.921093] loop2: detected capacity change from 0 to 40
[ 3115.930478] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.1'.
21:45:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf32(r2, &(0x7f00000013c0)=ANY=[@ANYBLOB="7f454c46097f0805040000000000000002000600020000006101000038000000e60000000900000000002000010056b1ffff03000000000004000000ff03000001000000420000000400000000100000000200000000700007000000020000000080000004000000030000000900000009000000080000001add9220b1d7284d3c8741cebf36c7fa462e4b4683e97eb94da07be342da82f6d5d26681b05497d1c5d408b889b6021f99b152208b190cc8fac3b34bbabf69fbb2c424feb51a3f0f40041be5add117c8832cd3196bf4d047d477e842347ae1b59012cf4509bc29414d70741732274701331dd05e92ebb4aa806fb791c348deef777df95a12a5bec209f7b6b575722ff0e6acc9c5287013b94d99c89762ff849af9710935c88da996ecdb3f29be8d18cfe61eebe0bc12dce9dc2204b774ead661e03a9022d53d554c3f5845236ae75c58eb6fa0b184d110a07816ee913fc9f3e06e7ae80995e2071ecf8d2928ec26e59b879d648a345efd59703fe2b7af6568769c1328098624d44a184652d80e1147f2f7e3c65a0a6d7c59af340569c4f12313b032cb0cdc294e13db51dee63cb9638c61a7c83e6c721d8d450ec6eab1cd3e56abce44d3453a21345f2435ca9380149541119267ae44eee3fa32badc43206b75fc85da00517fd9cc1cbe666682b90499ed6565789ac8c8faaac8be3fe3430a546b232f717ea3bc9d917ebfe5331f89165257170aff3cf94fe0e3e75b62790fee3d7de790f1acfd0920b24e552b5fd0eb96e003ba90049b2763f8e5ceda7fad44455604e0212768da49c7e5557bf260b8737e434740443eb21118df69fe797672f4f219e4c067799eb75093d7657da61f3360dfdf934fc569b9629ad9606a0edbc783c2df56e53bd8c1cb5d5793f576b4c9b05591c4b053f08134a3ceb18897238c7a2fe6ca232101db43c4e63a8811a907bda810605bc79ce898462c4a9c16dd6a8e64b66c114e3d1481e7a6323cb6851be39247c12a01639c8d0cb85b31eb2f72d431433fd7922b6a3c007a130a1ab2a348cb5dead038276d98a1a84004b0d96b54e615cc31998ecfb28147f6e663a306bd43bb8a8a6bb66145c979a49d1a3cda7755cd243e4c3954fbc9952d7941921a11965285c1f4d18009f483d00c1460fe66260c77b946e998d70f18f62180e16115b596cbd5d2e9490159a89d5ae2d7366cd956edfe0747a9c7ce55db2e6a5c1fbdb74255d321c7377fe8f5d7ea179f903d95a86c3ce5b145f88b59667939f4fab3647ef233cf18fbc682d241695757ef5ad32ace19fd9249c7580eb60ee183932c2cb4b8dac39918c9d403af2e688024f0c73df3687a962911c033522f379e7acf189915696abe7df739970b9b759ab3539943ec196b95751aaaef651bcaa324e313392e3c423be45639313c7fec73a06070a6c56c371dcae56f54a78639e414794b7fde61a391118033925388e9bede9d969c3214343d0e724b9189f5abbecada960f5df9b9325c4d6ddf04121222466b0fd80cb598ef3e17f512e8d25e8d1090e66f773dd4a601c664dec0d440b4f0b15617f25b0076ec04918634398773636709e68cc82770342e4e77d892e64ee72b912331cfea1da8da064ea9ee52dd417986d41355a7d5ae8094f726ad086448a92ac766d814bd7e4bfe9485a65b0d19dfe11bfec4a222cad632a1136f0ccc0eab283057882c80d576ac11ec1b32787ae9aba13a80564d9ce004cf5a8db9d134f8c4ea219d610bff213caf6f7f51422c8adb4ecc8c82507c03efd5b0c9bf86f64f4dbe17a462c6b05e4220f95fd2be0b852456e04d7de025888d80b5034dd6ccacbf78ca7a7881fca0e5eafe65d627d360843cce6fcaba58f1059253b4f70f5b58e74f6b8fe5e9a5307fb01fdba53e8c836c8aeb16cf4b9386e352fcb90b86fba9318eb07bedad1255ad7aabf26ece83a2329e0dd9bea47daa484c11bfa43ed4a831828b2ae2644bac841c9b17de20a2e3f42650aa117d37ba7159d36ae2245d4a6d0aa4206907d314a7a06fe0f3f1fd20b943bd8759f51f930194605a7844571b3889b859a7795937af888f12765476d57a7d0b86f288a0922eee66c03cf9b0f9d1a1782497f5ddd976ad3b97726a162c841d519ad75605b386bba2a24e693df20dad9036e3da3fd6d61aa3cac651cfbea75b742685e659dd8af6d8d3236cd6d55927050eb6fd05154fcb731d7de4ffdd6df2cbfab216fccbb87eff67d095a5ca991c486a221d549cdd1efee92911b94bbe021a0eb3c9fcdf5fbc62db0ce79efc2931f622339a3002db8ad9369d1fff472910f0530dff2e46e8010295b04d6c193f64b24216cd16c83bd141bd7d6f186bb88e7c445d3fb1b88c892eae39258cb2bb00dce91a4f952dcc592c32f8f3b444bae54778c66bce37f26775af95e4a25338ac9ebefe45f9b01a35cee8cddcac6001c552e0cadca8a7ae881b76605e7f07f8ab4cf6a39b62a7e1d7dcb99d7e7237cee5f61ffa467672d09d5a44fbbb1441f4eaf6655856a104480b62fdaf68491f0e0b723259aeb07178ea89b096d5fdf8eeffe3a0a75a5c05ef76120a4c9d56817694a85b5b53de0ae4a9582cefb1dcc3c78f902c06b238387b27fd50a9fd1f811966a9cbba9e2144728ee7bd6f20610609d5a67dd463273eff581b3499186cc252097f73035822be82908d270c6acbbfbff38a69d5099f1330e666d8bc84adf1560ed37dfc6fbe1c5a8e8539ccd9c700bb231d612d026f3169ab64d3ecc6a9f83ca716ab342dd6787fc91337b8f39de6d36a613426d9c17bb29d59e47e1887d5f145855d627cf042fc2bf47326a284dee28df0354415882dc34aa0fa960341732e48565d73db55d301b541bfddfbc8e04173056027ce5a1d13407d4e35f9dcce84b2724f5b77e9a399a866db42068382a8c7641aacb2e55ffa08fc00040caa7876fa85d62947ed8af455374f03fd972823eeb94051392c54b72041cb9706de60e1192a67820b66bff41dca4cbae7f02c2faa9c8da5f975f85e1558ae0f3fde08627dfc2b632e41b135d82b3ea06fedc6e958183671096e718af6ae0b0b0c4839b28aed3d80d1d55792304e376e624f470d9f78f69b510c9c3a5977ae4b85248502d532d12a29e2ceedcb8771ba8bc3d22a32ca4a466530b10259ffb156b83ac6f6c3be6e33541fa97db4330a31ea32c63aa4889c2a79442c133ee972e23f0e3c6c5ed14d74f6ce15b6f2f8da2022b5fd740a31f0ad0908222d2de739b2913f82c588ebccccf5064c8588ef1232d84c147a23717094552704d8679034b7ee678548fba72ff6545a93e8167e5d5f8414a323c3f128728beece61d00ed4cd7634660d190db386c8abfdf212653d87ac48d34ad77e82bd2410aeca571a79b40306fe38a2dcf63b556bede2e8c5ee830c37cd08451ea386c033302848e378dcf7f1635a91b474894f14521be3239dbce7d00fc842b7f3efb90a517f8f81f8348de369adb66a3294bc957e2a2216e7cfac8c2e5ba95206345168e12609002189274d16dcaaa5cea36824b24290800c1c2277fab9812c9378d2675090e38df08fdfdb89d40e22850be8959fbb9877b54baa3fc9608ac0ff4fe42838c11bc6e5a0c91bf1a48bb6661e838187eb4164a02d4f7812ed26bd11a58d71b8eadf6d6d2bbaad3e5a0080d3ec85972330cddab7d73bcc49123830ec457f811edd88101561a0f843eb7a216503c85fef84a38fecd0965676d912793482e0e6bf3d6f619a36637acc85bc26daf9a7c7a95631325c803886afc59dbc88a820b566f5dfe9cafb2e84adc78d1c47ea734a28865f97e775741f145213d205aeb5a4cc735caebaa39a48b129f2aa3aff5578ff6e49dc3be024ba13134a430f2c09b4f49383d02526aeb5efab57d5b63476039eba5247a19177ed376ef4e116d811daaea9f09b8c18645b2985a7bead654d2afa81de1afb52de26e8284d04bdd61785d0f83247c23b702f429e925bea2832b21504488c8170639b46236fd5fccb4e3483e0eaf2bb5967156ed6ab94f166c537ee6c1de99e585e80e8e3e29caa4d31b1aa61193fbdf6e57839a8e385a5e213943710d6633138179e6c4d1d6bce6e0bea8c1d6cdc427e10191bffc5df452a882d6c482c8294738378f5f0f62dbb2f21aba010e765e94be7bdceab6cccb2dd03b39e7c743c484e0fd1a871b8b58ed3d942acf89534655daadb2c2e5fc758ce5ab396ded89a3567eb6d9389a874675e0f04425689c3913fe622f2b5ef407e6598f797dc597253325e7bbd34cafa5c7668a72be69dcb249882db47c922686a66ec64f691cc8e5874e873236c3c9aae666f9ea98a02d64f883647d49f937f987a6c96aff20f1a176ec89e8becf999903c9114d91e056916a8be7977f1c93d7965ef01771461f70eded062cff0033f0cc4cd16c7d2fa0d797e33e755f60567a793e3d16c43d9cf8b6736aed9c468e3d5890a4c5553d6bb03fa530843f804848952ef92d5cd820c0991f6230642bcd785d39b40174bb59aae4e21c1d2f570ca1a41c644db6dea9f3d251731d007db5911315e2191268d899ee94652bd22921eb85632c9c64f888104fcb320b43fa8944938b419f0064073d099e1b8f34fb0826e0f26b85b7488e643cac596e78f7278e99f1afeed76c6246d82b70c434a5112e5cfc0902d8a7e844199b7972d5b9b2816200ab8d853408732f3bc9a9d1616769a04de6e0df3663db67343495a1ee3a2aca22f602a33c23441c523b74ae2c2a7ce073f2fce2c66a6fa8d95f5e86cd2e0168a409eab67b0ed0f7239fae776aeb0a45aeec797a6edf56057a41c10a2fac33ebf18b3ca9f8b9b0bfb97794d6b20530c073b20519edf572c67959a2cb2ce0150d8867373c0c03d6571a765f9b2d7ad3d4a0b8aad353553f20dce09a5b5911b174cf271a6f5ada895229d51dab48c803b25c69632678abfc1b587b3a0db8e618cc440bfe6332bcbff1415cf1f7a1feebed16520611d89d4e65311d7a9ea7d6cb190bac6c942da72312b879442545c2455ec52b87b61b30e737d535f7dfc00dfe5be126d89c2bfe4e2eb74e4c58d22f3f770d3a197b0ed76ee1e614f23458b7ed5aa0821c496b6f87c9d9635ff4a5f6108449ac63d83a516679f40e0ec14dd1e1d36ae6b166cf88b3f7d68ddbf0bd43c4602ee362f77f60861f8e65d6724105d1714f99852997c3c7e969f79bba322923eaa55c8a5d9b9a20ad39a22663e04b1909d1b153f5607f500ebe10d8bf6f0476640dafd87d5b7cf1c36d37655fcf1e3720b61d25ca842aed126f523ffaa1d39aefa1d5eb47fc4390fccd177154397610946721be908238db914becaaba55f18b37bc0dd0efd5b4024bf28b398dffd6157168d693f355cf6371c12dc51a4c15a127d6c16b737220815e4cc1ab497ad78d49634b4e11797495d589b1dad6d56b40ee3df09ea51f7b9d01082101ab8361888d9bc1244c3e0960c29246e216c2cac89c4a7d724bd0fd0d7549fd4c7fa8dfb6363954d7cfac242347ec571c348012242873d03a813981eab832b3d27c2eedec7dcf695f13925f61496385a34eb5d51bac6896ffe28fb1e9283747d9bab61f582068bb8d733afc1e0fa989e46ce356d0b7ffb680efa672d8ae40528e5d2b8d0cde941a5fd028395e1c9795dd606d1a6de856537c2c7425531bbec04ad963e60d3f979499da206764205c5f96e5bf8c7ade8fe401bcf34a6461ee23696a3694566c3b9c96050f54fafeb7c79a6aff139eecad64ea7a5a7035b31cfe98a8eefcce4c0b2a16aaa45f111ba9a5d35cce39fe97b8ce25c7739359a370c279ee9931c4a404b69c8ab077f6d71ec1071a67d77d86f0ce8dd44d7f6652ca3435ce03d92cdebe131ab0b1121a7803e1d40788a48c22ca670bfad264ad676d22196183553dbbee8f0121b90ec7d29802b1d0c81004b519fb579d32599dbda245b4e2b5c31f3527777e5"], 0x1078)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:22 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101002000f801", 0x14}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f00000003c0)=ANY=[@ANYRES64, @ANYRESDEC=0x0, @ANYRES16=r0, @ANYRES16=r0, @ANYRES64=r0, @ANYBLOB="3392512fd07d9c466e4f5d7200dee28c442915154003e04b6112560c84e1c9f92ac6f3a9fe026508e94c24aca470903ef4264c06ffb82d7a5470d667d476e85aa572a5", @ANYRESHEX=0x0])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$TIOCL_SELLOADLUT(r1, 0x541c, &(0x7f0000000380)={0x5, 0xb200000000000000, 0x7, 0x7fffffff, 0xa98e})
signalfd(r1, &(0x7f0000000240)={[0x1]}, 0x8)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7, 0xfffffffe, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb23, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x10000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

[ 3116.056223] loop4: detected capacity change from 0 to 40
21:45:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000120001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3116.119931] loop5: detected capacity change from 0 to 40
[ 3116.134920] syz-executor.3: attempt to access beyond end of device
[ 3116.134920] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3116.136955] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3116.186838] syz-executor.7: attempt to access beyond end of device
[ 3116.186838] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3116.189105] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:45:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3116.238975] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.1'.
21:45:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x0, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:45:22 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000130001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3116.328888] syz-executor.2: attempt to access beyond end of device
[ 3116.328888] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3116.330570] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3116.387720] loop3: detected capacity change from 0 to 40
[ 3116.396791] syz-executor.2: attempt to access beyond end of device
[ 3116.396791] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3116.398342] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3116.423907] Process accounting resumed
[ 3116.454111] loop7: detected capacity change from 0 to 40
[ 3116.464361] syz-executor.2: attempt to access beyond end of device
[ 3116.464361] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3116.465750] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:45:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf32(r2, &(0x7f00000013c0)=ANY=[@ANYBLOB="7f454c46097f0805040000000000000002000600020000006101000038000000e60000000900000000002000010056b1ffff03000000000004000000ff03000001000000420000000400000000100000000200000000700007000000020000000080000004000000030000000900000009000000080000001add9220b1d7284d3c8741cebf36c7fa462e4b4683e97eb94da07be342da82f6d5d26681b05497d1c5d408b889b6021f99b152208b190cc8fac3b34bbabf69fbb2c424feb51a3f0f40041be5add117c8832cd3196bf4d047d477e842347ae1b59012cf4509bc29414d70741732274701331dd05e92ebb4aa806fb791c348deef777df95a12a5bec209f7b6b575722ff0e6acc9c5287013b94d99c89762ff849af9710935c88da996ecdb3f29be8d18cfe61eebe0bc12dce9dc2204b774ead661e03a9022d53d554c3f5845236ae75c58eb6fa0b184d110a07816ee913fc9f3e06e7ae80995e2071ecf8d2928ec26e59b879d648a345efd59703fe2b7af6568769c1328098624d44a184652d80e1147f2f7e3c65a0a6d7c59af340569c4f12313b032cb0cdc294e13db51dee63cb9638c61a7c83e6c721d8d450ec6eab1cd3e56abce44d3453a21345f2435ca9380149541119267ae44eee3fa32badc43206b75fc85da00517fd9cc1cbe666682b90499ed6565789ac8c8faaac8be3fe3430a546b232f717ea3bc9d917ebfe5331f89165257170aff3cf94fe0e3e75b62790fee3d7de790f1acfd0920b24e552b5fd0eb96e003ba90049b2763f8e5ceda7fad44455604e0212768da49c7e5557bf260b8737e434740443eb21118df69fe797672f4f219e4c067799eb75093d7657da61f3360dfdf934fc569b9629ad9606a0edbc783c2df56e53bd8c1cb5d5793f576b4c9b05591c4b053f08134a3ceb18897238c7a2fe6ca232101db43c4e63a8811a907bda810605bc79ce898462c4a9c16dd6a8e64b66c114e3d1481e7a6323cb6851be39247c12a01639c8d0cb85b31eb2f72d431433fd7922b6a3c007a130a1ab2a348cb5dead038276d98a1a84004b0d96b54e615cc31998ecfb28147f6e663a306bd43bb8a8a6bb66145c979a49d1a3cda7755cd243e4c3954fbc9952d7941921a11965285c1f4d18009f483d00c1460fe66260c77b946e998d70f18f62180e16115b596cbd5d2e9490159a89d5ae2d7366cd956edfe0747a9c7ce55db2e6a5c1fbdb74255d321c7377fe8f5d7ea179f903d95a86c3ce5b145f88b59667939f4fab3647ef233cf18fbc682d241695757ef5ad32ace19fd9249c7580eb60ee183932c2cb4b8dac39918c9d403af2e688024f0c73df3687a962911c033522f379e7acf189915696abe7df739970b9b759ab3539943ec196b95751aaaef651bcaa324e313392e3c423be45639313c7fec73a06070a6c56c371dcae56f54a78639e414794b7fde61a391118033925388e9bede9d969c3214343d0e724b9189f5abbecada960f5df9b9325c4d6ddf04121222466b0fd80cb598ef3e17f512e8d25e8d1090e66f773dd4a601c664dec0d440b4f0b15617f25b0076ec04918634398773636709e68cc82770342e4e77d892e64ee72b912331cfea1da8da064ea9ee52dd417986d41355a7d5ae8094f726ad086448a92ac766d814bd7e4bfe9485a65b0d19dfe11bfec4a222cad632a1136f0ccc0eab283057882c80d576ac11ec1b32787ae9aba13a80564d9ce004cf5a8db9d134f8c4ea219d610bff213caf6f7f51422c8adb4ecc8c82507c03efd5b0c9bf86f64f4dbe17a462c6b05e4220f95fd2be0b852456e04d7de025888d80b5034dd6ccacbf78ca7a7881fca0e5eafe65d627d360843cce6fcaba58f1059253b4f70f5b58e74f6b8fe5e9a5307fb01fdba53e8c836c8aeb16cf4b9386e352fcb90b86fba9318eb07bedad1255ad7aabf26ece83a2329e0dd9bea47daa484c11bfa43ed4a831828b2ae2644bac841c9b17de20a2e3f42650aa117d37ba7159d36ae2245d4a6d0aa4206907d314a7a06fe0f3f1fd20b943bd8759f51f930194605a7844571b3889b859a7795937af888f12765476d57a7d0b86f288a0922eee66c03cf9b0f9d1a1782497f5ddd976ad3b97726a162c841d519ad75605b386bba2a24e693df20dad9036e3da3fd6d61aa3cac651cfbea75b742685e659dd8af6d8d3236cd6d55927050eb6fd05154fcb731d7de4ffdd6df2cbfab216fccbb87eff67d095a5ca991c486a221d549cdd1efee92911b94bbe021a0eb3c9fcdf5fbc62db0ce79efc2931f622339a3002db8ad9369d1fff472910f0530dff2e46e8010295b04d6c193f64b24216cd16c83bd141bd7d6f186bb88e7c445d3fb1b88c892eae39258cb2bb00dce91a4f952dcc592c32f8f3b444bae54778c66bce37f26775af95e4a25338ac9ebefe45f9b01a35cee8cddcac6001c552e0cadca8a7ae881b76605e7f07f8ab4cf6a39b62a7e1d7dcb99d7e7237cee5f61ffa467672d09d5a44fbbb1441f4eaf6655856a104480b62fdaf68491f0e0b723259aeb07178ea89b096d5fdf8eeffe3a0a75a5c05ef76120a4c9d56817694a85b5b53de0ae4a9582cefb1dcc3c78f902c06b238387b27fd50a9fd1f811966a9cbba9e2144728ee7bd6f20610609d5a67dd463273eff581b3499186cc252097f73035822be82908d270c6acbbfbff38a69d5099f1330e666d8bc84adf1560ed37dfc6fbe1c5a8e8539ccd9c700bb231d612d026f3169ab64d3ecc6a9f83ca716ab342dd6787fc91337b8f39de6d36a613426d9c17bb29d59e47e1887d5f145855d627cf042fc2bf47326a284dee28df0354415882dc34aa0fa960341732e48565d73db55d301b541bfddfbc8e04173056027ce5a1d13407d4e35f9dcce84b2724f5b77e9a399a866db42068382a8c7641aacb2e55ffa08fc00040caa7876fa85d62947ed8af455374f03fd972823eeb94051392c54b72041cb9706de60e1192a67820b66bff41dca4cbae7f02c2faa9c8da5f975f85e1558ae0f3fde08627dfc2b632e41b135d82b3ea06fedc6e958183671096e718af6ae0b0b0c4839b28aed3d80d1d55792304e376e624f470d9f78f69b510c9c3a5977ae4b85248502d532d12a29e2ceedcb8771ba8bc3d22a32ca4a466530b10259ffb156b83ac6f6c3be6e33541fa97db4330a31ea32c63aa4889c2a79442c133ee972e23f0e3c6c5ed14d74f6ce15b6f2f8da2022b5fd740a31f0ad0908222d2de739b2913f82c588ebccccf5064c8588ef1232d84c147a23717094552704d8679034b7ee678548fba72ff6545a93e8167e5d5f8414a323c3f128728beece61d00ed4cd7634660d190db386c8abfdf212653d87ac48d34ad77e82bd2410aeca571a79b40306fe38a2dcf63b556bede2e8c5ee830c37cd08451ea386c033302848e378dcf7f1635a91b474894f14521be3239dbce7d00fc842b7f3efb90a517f8f81f8348de369adb66a3294bc957e2a2216e7cfac8c2e5ba95206345168e12609002189274d16dcaaa5cea36824b24290800c1c2277fab9812c9378d2675090e38df08fdfdb89d40e22850be8959fbb9877b54baa3fc9608ac0ff4fe42838c11bc6e5a0c91bf1a48bb6661e838187eb4164a02d4f7812ed26bd11a58d71b8eadf6d6d2bbaad3e5a0080d3ec85972330cddab7d73bcc49123830ec457f811edd88101561a0f843eb7a216503c85fef84a38fecd0965676d912793482e0e6bf3d6f619a36637acc85bc26daf9a7c7a95631325c803886afc59dbc88a820b566f5dfe9cafb2e84adc78d1c47ea734a28865f97e775741f145213d205aeb5a4cc735caebaa39a48b129f2aa3aff5578ff6e49dc3be024ba13134a430f2c09b4f49383d02526aeb5efab57d5b63476039eba5247a19177ed376ef4e116d811daaea9f09b8c18645b2985a7bead654d2afa81de1afb52de26e8284d04bdd61785d0f83247c23b702f429e925bea2832b21504488c8170639b46236fd5fccb4e3483e0eaf2bb5967156ed6ab94f166c537ee6c1de99e585e80e8e3e29caa4d31b1aa61193fbdf6e57839a8e385a5e213943710d6633138179e6c4d1d6bce6e0bea8c1d6cdc427e10191bffc5df452a882d6c482c8294738378f5f0f62dbb2f21aba010e765e94be7bdceab6cccb2dd03b39e7c743c484e0fd1a871b8b58ed3d942acf89534655daadb2c2e5fc758ce5ab396ded89a3567eb6d9389a874675e0f04425689c3913fe622f2b5ef407e6598f797dc597253325e7bbd34cafa5c7668a72be69dcb249882db47c922686a66ec64f691cc8e5874e873236c3c9aae666f9ea98a02d64f883647d49f937f987a6c96aff20f1a176ec89e8becf999903c9114d91e056916a8be7977f1c93d7965ef01771461f70eded062cff0033f0cc4cd16c7d2fa0d797e33e755f60567a793e3d16c43d9cf8b6736aed9c468e3d5890a4c5553d6bb03fa530843f804848952ef92d5cd820c0991f6230642bcd785d39b40174bb59aae4e21c1d2f570ca1a41c644db6dea9f3d251731d007db5911315e2191268d899ee94652bd22921eb85632c9c64f888104fcb320b43fa8944938b419f0064073d099e1b8f34fb0826e0f26b85b7488e643cac596e78f7278e99f1afeed76c6246d82b70c434a5112e5cfc0902d8a7e844199b7972d5b9b2816200ab8d853408732f3bc9a9d1616769a04de6e0df3663db67343495a1ee3a2aca22f602a33c23441c523b74ae2c2a7ce073f2fce2c66a6fa8d95f5e86cd2e0168a409eab67b0ed0f7239fae776aeb0a45aeec797a6edf56057a41c10a2fac33ebf18b3ca9f8b9b0bfb97794d6b20530c073b20519edf572c67959a2cb2ce0150d8867373c0c03d6571a765f9b2d7ad3d4a0b8aad353553f20dce09a5b5911b174cf271a6f5ada895229d51dab48c803b25c69632678abfc1b587b3a0db8e618cc440bfe6332bcbff1415cf1f7a1feebed16520611d89d4e65311d7a9ea7d6cb190bac6c942da72312b879442545c2455ec52b87b61b30e737d535f7dfc00dfe5be126d89c2bfe4e2eb74e4c58d22f3f770d3a197b0ed76ee1e614f23458b7ed5aa0821c496b6f87c9d9635ff4a5f6108449ac63d83a516679f40e0ec14dd1e1d36ae6b166cf88b3f7d68ddbf0bd43c4602ee362f77f60861f8e65d6724105d1714f99852997c3c7e969f79bba322923eaa55c8a5d9b9a20ad39a22663e04b1909d1b153f5607f500ebe10d8bf6f0476640dafd87d5b7cf1c36d37655fcf1e3720b61d25ca842aed126f523ffaa1d39aefa1d5eb47fc4390fccd177154397610946721be908238db914becaaba55f18b37bc0dd0efd5b4024bf28b398dffd6157168d693f355cf6371c12dc51a4c15a127d6c16b737220815e4cc1ab497ad78d49634b4e11797495d589b1dad6d56b40ee3df09ea51f7b9d01082101ab8361888d9bc1244c3e0960c29246e216c2cac89c4a7d724bd0fd0d7549fd4c7fa8dfb6363954d7cfac242347ec571c348012242873d03a813981eab832b3d27c2eedec7dcf695f13925f61496385a34eb5d51bac6896ffe28fb1e9283747d9bab61f582068bb8d733afc1e0fa989e46ce356d0b7ffb680efa672d8ae40528e5d2b8d0cde941a5fd028395e1c9795dd606d1a6de856537c2c7425531bbec04ad963e60d3f979499da206764205c5f96e5bf8c7ade8fe401bcf34a6461ee23696a3694566c3b9c96050f54fafeb7c79a6aff139eecad64ea7a5a7035b31cfe98a8eefcce4c0b2a16aaa45f111ba9a5d35cce39fe97b8ce25c7739359a370c279ee9931c4a404b69c8ab077f6d71ec1071a67d77d86f0ce8dd44d7f6652ca3435ce03d92cdebe131ab0b1121a7803e1d40788a48c22ca670bfad264ad676d22196183553dbbee8f0121b90ec7d29802b1d0c81004b519fb579d32599dbda245b4e2b5c31f3527777e5"], 0x1078)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000140001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3116.636083] Process accounting resumed
21:45:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000000)=0x4)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
recvmmsg$unix(r1, &(0x7f0000000cc0)=[{{&(0x7f0000000300), 0x6e, &(0x7f0000000740)=[{&(0x7f0000000380)=""/196, 0xc4}, {&(0x7f0000000480)=""/224, 0xe0}, {&(0x7f0000000580)=""/77, 0x4d}, {&(0x7f0000000600)=""/70, 0x46}, {&(0x7f0000000240)=""/64, 0x40}, {&(0x7f0000000680)=""/181, 0xb5}], 0x6, &(0x7f00000007c0)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x60}}, {{&(0x7f0000000840)=@abs, 0x6e, &(0x7f0000000c00)=[{&(0x7f00000008c0)=""/118, 0x76}, {&(0x7f0000000940)=""/250, 0xfa}, {&(0x7f0000000a40)=""/225, 0xe1}, {&(0x7f0000000b40)=""/112, 0x70}, {&(0x7f0000000bc0)}], 0x5, &(0x7f0000000c80)=ANY=[@ANYBLOB="20800000000000f00100000001000000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x40}}], 0x2, 0x0, &(0x7f0000000d40)={0x77359400})
getsockname$unix(r2, &(0x7f0000000d80)=@abs, &(0x7f0000000e00)=0x6e)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r3, 0xc038943b, &(0x7f0000000180)={0x100, 0x8, '\x00', 0x0, &(0x7f0000000040)=[0x0]})

[ 3116.733084] loop4: detected capacity change from 0 to 40
21:45:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3116.838472] loop2: detected capacity change from 0 to 40
[ 3116.849833] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
21:45:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x0, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3116.963502] loop3: detected capacity change from 0 to 40
21:45:23 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000150001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3117.107822] loop7: detected capacity change from 0 to 40
[ 3117.204639] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
21:45:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x6000, 0x180)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3130.785603] loop2: detected capacity change from 0 to 40
21:45:37 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:45:37 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000160001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:45:37 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000140001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:45:37 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, r2, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x15d}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffed0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]}, 0x3c}}, 0x4004840)
r3 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x100000000000000, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3130.799138] loop5: detected capacity change from 0 to 40
[ 3130.824230] loop7: detected capacity change from 0 to 40
[ 3130.845819] loop3: detected capacity change from 0 to 40
[ 3130.883046] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 3130.984796] bio_check_eod: 9 callbacks suppressed
[ 3130.984814] syz-executor.2: attempt to access beyond end of device
[ 3130.984814] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3130.986571] buffer_io_error: 7 callbacks suppressed
[ 3130.986580] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3131.053431] syz-executor.3: attempt to access beyond end of device
[ 3131.053431] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.055647] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:45:37 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000170001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:45:37 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000001c0)=0x8)

21:45:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7e5b, &(0x7f0000000180)={0x0, 0x46d4, 0x10, 0x0, 0x83}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3131.219166] loop4: detected capacity change from 0 to 40
[ 3131.293565] loop2: detected capacity change from 0 to 40
[ 3131.306168] syz-executor.7: attempt to access beyond end of device
[ 3131.306168] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.307390] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3131.411978] syz-executor.2: attempt to access beyond end of device
[ 3131.411978] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.413080] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3131.489425] syz-executor.2: attempt to access beyond end of device
[ 3131.489425] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.490766] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3131.567834] syz-executor.4: attempt to access beyond end of device
[ 3131.567834] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.569572] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3131.660756] Process accounting resumed
[ 3131.661146] syz-executor.4: attempt to access beyond end of device
[ 3131.661146] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.662152] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3131.674555] syz-executor.4: attempt to access beyond end of device
[ 3131.674555] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3131.675974] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:45:53 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3147.197187] loop7: detected capacity change from 0 to 40
[ 3147.200696] loop4: detected capacity change from 0 to 40
[ 3147.203799] loop5: detected capacity change from 0 to 40
[ 3147.213045] loop2: detected capacity change from 0 to 40
21:45:53 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r5 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_DISABLE(r5, 0x2401, 0x438430da)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x3}, 0x0, 0x7}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:45:53 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7e5b, &(0x7f0000000180)={0x0, 0x46d4, 0x10, 0x0, 0x83}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x101410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
recvmsg$unix(r2, &(0x7f0000000240)={&(0x7f0000000000), 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000300)=""/248, 0xf8}, {&(0x7f0000000180)=""/93, 0x5d}, {&(0x7f0000000400)=""/75, 0x4b}, {&(0x7f0000000480)=""/220, 0xdc}, {&(0x7f0000000580)=""/191, 0xbf}, {&(0x7f0000000640)=""/65, 0x41}], 0x6, &(0x7f0000000740)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}, 0x2100)
openat(r3, &(0x7f0000000800)='./file2\x00', 0xa040, 0x4)

21:45:53 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000001c0)=0x8)

21:45:53 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:45:53 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000180001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3147.297197] loop3: detected capacity change from 0 to 40
21:45:53 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3147.350927] loop5: detected capacity change from 0 to 40
21:45:54 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3147.730178] loop5: detected capacity change from 0 to 40
[ 3147.803779] syz-executor.4: attempt to access beyond end of device
[ 3147.803779] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3147.806183] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3147.852152] syz-executor.3: attempt to access beyond end of device
[ 3147.852152] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3147.854787] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3147.877628] syz-executor.7: attempt to access beyond end of device
[ 3147.877628] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3147.879957] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3148.048721] loop2: detected capacity change from 0 to 40
[ 3148.091714] Process accounting resumed
[ 3148.092142] syz-executor.4: attempt to access beyond end of device
[ 3148.092142] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3148.093111] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3148.112538] syz-executor.4: attempt to access beyond end of device
[ 3148.112538] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3148.114212] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:09 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:09 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(r0, &(0x7f0000000440)='./file2\x00', 0x400, 0x66)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400), 0x2, 0x2)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r3, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x8c, 0x100000, {r1}}, 0x20)

21:46:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(r1, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0x20000c, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:09 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000001c0)=0x8)

21:46:09 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:09 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000002190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:09 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7e5b, &(0x7f0000000180)={0x0, 0x46d4, 0x10, 0x0, 0x83}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3163.079200] loop4: detected capacity change from 0 to 40
21:46:09 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3163.091159] loop7: detected capacity change from 0 to 40
[ 3163.131687] loop3: detected capacity change from 0 to 40
[ 3163.144460] loop2: detected capacity change from 0 to 40
[ 3163.160084] loop5: detected capacity change from 0 to 40
21:46:09 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000003190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:09 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3163.433766] loop5: detected capacity change from 0 to 40
[ 3163.545259] syz-executor.4: attempt to access beyond end of device
[ 3163.545259] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.545931] syz-executor.7: attempt to access beyond end of device
[ 3163.545931] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.547485] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3163.551131] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3163.581049] syz-executor.2: attempt to access beyond end of device
[ 3163.581049] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.583121] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3163.592866] syz-executor.3: attempt to access beyond end of device
[ 3163.592866] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.595144] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:46:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000004190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:10 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3163.701761] syz-executor.2: attempt to access beyond end of device
[ 3163.701761] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.703545] Buffer I/O error on dev loop2, logical block 10, lost async page write
21:46:10 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:10 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000006190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3163.886192] loop5: detected capacity change from 0 to 40
[ 3163.892044] Process accounting resumed
[ 3163.904185] syz-executor.4: attempt to access beyond end of device
[ 3163.904185] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.905885] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:10 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x8, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x490, &(0x7f0000000480)=ANY=[@ANYRES16, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRESDEC=r0])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000380), 0x545100, 0x0)
vmsplice(r1, &(0x7f0000000440)=[{&(0x7f00000003c0)="03e44089716c17f58bfe51cb2c1fcf17ac0aa7db76cee6d486384052891426f8c711da7bbfd41fb2aeecf9f9506fd28076f588238f6f40", 0x37}, {&(0x7f0000000400)="7b158dc10692dfe0", 0x8}], 0x2, 0x1)
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
syz_io_uring_setup(0x4db, &(0x7f0000000000)={0x0, 0xb20, 0x4, 0x1, 0x396}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000340)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x4007, @fd_index=0x7, 0x400, &(0x7f0000000300)=[{&(0x7f0000000240)=""/49, 0x31}], 0x1, 0x2, 0x1}, 0x157)
sendfile(r3, r2, 0x0, 0xfffffdef)

[ 3163.925434] loop7: detected capacity change from 0 to 40
[ 3163.935927] syz-executor.4: attempt to access beyond end of device
[ 3163.935927] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3163.937565] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:10 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

[ 3163.977837] loop3: detected capacity change from 0 to 40
[ 3164.111009] loop2: detected capacity change from 0 to 40
[ 3164.131428] loop4: detected capacity change from 0 to 40
[ 3164.148145] FAT-fs (loop2): Unrecognized mount option "ÿÿ0x00000000000000000x000000000000000000000000000000000003" or missing value
21:46:10 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:10 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000009190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3164.205727] loop5: detected capacity change from 0 to 40
21:46:10 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0}, './file1\x00'})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7e5b, &(0x7f0000000180)={0x0, 0x46d4, 0x10, 0x0, 0x83}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240), &(0x7f0000000280))
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3164.309754] syz-executor.7: attempt to access beyond end of device
[ 3164.309754] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3164.311825] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3164.375855] syz-executor.3: attempt to access beyond end of device
[ 3164.375855] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3164.377809] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3164.521034] syz-executor.4: attempt to access beyond end of device
[ 3164.521034] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3164.523253] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3164.671052] Process accounting resumed
[ 3164.935772] loop2: detected capacity change from 0 to 40
[ 3164.941380] FAT-fs (loop2): Unrecognized mount option "ÿÿ0x00000000000000000x000000000000000000000000000000000003" or missing value
21:46:26 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = fsmount(r0, 0x0, 0x3)
r2 = openat(r1, &(0x7f0000000100)='./file1\x00', 0x701, 0x42)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r0, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:26 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x8, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x490, &(0x7f0000000480)=ANY=[@ANYRES16, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRESDEC=r0])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000380), 0x545100, 0x0)
vmsplice(r1, &(0x7f0000000440)=[{&(0x7f00000003c0)="03e44089716c17f58bfe51cb2c1fcf17ac0aa7db76cee6d486384052891426f8c711da7bbfd41fb2aeecf9f9506fd28076f588238f6f40", 0x37}, {&(0x7f0000000400)="7b158dc10692dfe0", 0x8}], 0x2, 0x1)
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
syz_io_uring_setup(0x4db, &(0x7f0000000000)={0x0, 0xb20, 0x4, 0x1, 0x396}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000340)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x4007, @fd_index=0x7, 0x400, &(0x7f0000000300)=[{&(0x7f0000000240)=""/49, 0x31}], 0x1, 0x2, 0x1}, 0x157)
sendfile(r3, r2, 0x0, 0xfffffdef)

21:46:26 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:26 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b800000f190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:46:26 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x101001, 0x40)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

[ 3180.254561] loop5: detected capacity change from 0 to 40
[ 3180.262949] loop2: detected capacity change from 0 to 40
[ 3180.265713] loop7: detected capacity change from 0 to 40
[ 3180.306725] loop3: detected capacity change from 0 to 40
[ 3180.319132] loop4: detected capacity change from 0 to 40
21:46:26 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x923, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000001b0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3180.479149] bio_check_eod: 3 callbacks suppressed
[ 3180.479166] syz-executor.5: attempt to access beyond end of device
[ 3180.479166] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.480934] buffer_io_error: 3 callbacks suppressed
[ 3180.480961] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 3180.513791] syz-executor.7: attempt to access beyond end of device
[ 3180.513791] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.516066] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3180.680224] syz-executor.2: attempt to access beyond end of device
[ 3180.680224] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.682626] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3180.692759] syz-executor.3: attempt to access beyond end of device
[ 3180.692759] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.694760] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:46:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3180.716023] syz-executor.4: attempt to access beyond end of device
[ 3180.716023] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.717934] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000001d0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:27 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3180.842658] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3180.860899] loop5: detected capacity change from 0 to 40
21:46:27 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3180.915869] Process accounting resumed
[ 3180.916252] syz-executor.4: attempt to access beyond end of device
[ 3180.916252] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.917163] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3180.922911] syz-executor.4: attempt to access beyond end of device
[ 3180.922911] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3180.923992] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)

[ 3180.963036] loop4: detected capacity change from 0 to 40
21:46:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x3290c0, 0x0)
r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x408880, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

[ 3181.043663] loop7: detected capacity change from 0 to 40
21:46:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000280001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3181.128805] loop2: detected capacity change from 0 to 40
[ 3181.161027] loop3: detected capacity change from 0 to 40
[ 3181.192260] netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'.
21:46:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000000f0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3181.343903] syz-executor.5: attempt to access beyond end of device
[ 3181.343903] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3181.345955] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 3181.354885] syz-executor.4: attempt to access beyond end of device
[ 3181.354885] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3181.356790] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3181.437663] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=15 sclass=netlink_xfrm_socket pid=13944 comm=syz-executor.1
[ 3181.461782] syz-executor.3: attempt to access beyond end of device
[ 3181.461782] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3181.463943] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3181.515868] Process accounting resumed
[ 3195.374103] loop4: detected capacity change from 0 to 40
21:46:41 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:46:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x22000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x6}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:41 executing program 6:
syz_mount_image$vfat(&(0x7f00000003c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f0000010000000000004d9398d3e348b3489a00"/64, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000380)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file1\x00'})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = signalfd(r1, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sendfile(r2, r1, 0x0, 0xfffffdef)
mount_setattr(r2, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r1}}, 0x20)

21:46:41 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000100001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)

21:46:42 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:42 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3195.391505] loop7: detected capacity change from 0 to 40
[ 3195.402460] loop5: detected capacity change from 0 to 40
21:46:42 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000110001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3195.429225] loop2: detected capacity change from 0 to 272
[ 3195.436045] loop3: detected capacity change from 0 to 40
[ 3195.499242] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3195.565215] bio_check_eod: 3 callbacks suppressed
[ 3195.565228] syz-executor.7: attempt to access beyond end of device
[ 3195.565228] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.568356] buffer_io_error: 3 callbacks suppressed
[ 3195.568425] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:46:42 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000120001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3195.680681] syz-executor.4: attempt to access beyond end of device
[ 3195.680681] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.681987] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3195.738639] Process accounting resumed
[ 3195.739225] syz-executor.4: attempt to access beyond end of device
[ 3195.739225] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.740313] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3195.752843] syz-executor.4: attempt to access beyond end of device
[ 3195.752843] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.754412] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)

[ 3195.763171] syz-executor.3: attempt to access beyond end of device
[ 3195.763171] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.765018] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3195.782859] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3195.837183] syz-executor.5: attempt to access beyond end of device
[ 3195.837183] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.839735] Buffer I/O error on dev loop5, logical block 10, lost async page write
21:46:42 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:42 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000130001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3195.898536] loop7: detected capacity change from 0 to 40
[ 3195.968187] loop4: detected capacity change from 0 to 40
[ 3195.987824] syz-executor.7: attempt to access beyond end of device
[ 3195.987824] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3195.989036] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3196.163914] syz-executor.4: attempt to access beyond end of device
[ 3196.163914] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3196.165783] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3196.283169] Process accounting resumed
[ 3196.283834] syz-executor.4: attempt to access beyond end of device
[ 3196.283834] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3196.285295] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3196.300244] syz-executor.4: attempt to access beyond end of device
[ 3196.300244] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3196.301907] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3196.466732] Process accounting resumed
21:46:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:46:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x4, &(0x7f0000000300)=[{&(0x7f0000010000)="04000000646f7366d8a02b4aa30ac401", 0x10}, {0x0, 0x0, 0x7fffffff}, {&(0x7f0000000000)="f5a644258e1a8179a37899a7a4b0efdc347262ed6a7247883a9801eeb2fa85c55b923b49bcfae3d0608bf3ecdf1a511ab8709c52cd04ffe3816d23fb736a1e8d1761a1f8d3425c9ed888350590e627b121c9044d439a58f5f06d78d53124", 0x5e, 0x1}, {&(0x7f0000000180)="f08c2202cba240205639cf28384793ccd5e949bfb4254b888c2c17e70156fbc9c10ec17883303d15478198b289e39b6c0c0b2a84be1cccb43d56512a39ffb7f15a928469c0d430c51153a05222be47", 0x4f, 0x3595}], 0x1004, &(0x7f0000000000)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80, 0x10b)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3209.979672] loop2: detected capacity change from 0 to 264192
21:46:56 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000140001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3209.989709] loop4: detected capacity change from 0 to 40
21:46:56 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:56 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

[ 3210.004111] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
21:46:56 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
openat(r0, &(0x7f0000000380)='./file1\x00', 0x4240, 0x8)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:56 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000150001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3210.037203] loop3: detected capacity change from 0 to 40
[ 3210.040215] loop7: detected capacity change from 0 to 40
[ 3210.050970] loop2: detected capacity change from 0 to 264192
[ 3210.076024] loop5: detected capacity change from 0 to 40
[ 3210.118682] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
21:46:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x28, 0x3f7, 0x8, 0x70bd29, 0x25dfdbff, {0x7, 0x7, './file1', './file0'}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0xc81}, 0x10000041)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffbfff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3210.273622] syz-executor.4: attempt to access beyond end of device
[ 3210.273622] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.275174] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3210.280920] loop2: detected capacity change from 0 to 40
21:46:56 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000160001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3210.327554] syz-executor.7: attempt to access beyond end of device
[ 3210.327554] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.328499] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3210.352607] syz-executor.3: attempt to access beyond end of device
[ 3210.352607] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.353731] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3210.386774] Process accounting resumed
[ 3210.387179] syz-executor.4: attempt to access beyond end of device
[ 3210.387179] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.387998] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3210.394687] syz-executor.5: attempt to access beyond end of device
[ 3210.394687] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.395823] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 3210.404194] syz-executor.4: attempt to access beyond end of device
[ 3210.404194] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.405874] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:46:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:46:57 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000170001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:46:57 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:46:57 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:46:57 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3210.520840] syz-executor.2: attempt to access beyond end of device
[ 3210.520840] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.521995] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3210.533026] loop4: detected capacity change from 0 to 40
[ 3210.578229] loop7: detected capacity change from 0 to 40
[ 3210.627954] loop3: detected capacity change from 0 to 40
[ 3210.686448] loop5: detected capacity change from 0 to 40
[ 3210.824825] syz-executor.4: attempt to access beyond end of device
[ 3210.824825] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.826884] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3210.931904] syz-executor.5: attempt to access beyond end of device
[ 3210.931904] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.933076] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 3210.950999] syz-executor.7: attempt to access beyond end of device
[ 3210.950999] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3210.952698] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3210.968166] Process accounting resumed
[ 3211.042547] Process accounting resumed
21:47:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x101842, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
syz_open_dev$loop(&(0x7f0000000000), 0x80000000, 0x400)
ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xc00000000000000)
r3 = dup(r0)
openat(r0, &(0x7f0000000180)='./file1\x00', 0x20100, 0x1)
r4 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xa}}, 0x0, 0xffffffffffffffff, r3, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r3, r4, 0x0, 0x2)

21:47:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:11 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:11 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:47:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:47:11 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:47:11 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:47:11 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000180001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3225.358305] loop5: detected capacity change from 0 to 40
[ 3225.361092] loop7: detected capacity change from 0 to 40
[ 3225.384459] loop2: detected capacity change from 0 to 40
[ 3225.389146] loop3: detected capacity change from 0 to 40
[ 3225.391899] loop4: detected capacity change from 0 to 40
21:47:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:12 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000001b0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3225.550117] loop5: detected capacity change from 0 to 40
21:47:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.overlay.redirect\x00', &(0x7f0000000180)='**\xaf\x00', 0x4, 0x2)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x200000000000, 0x800)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
truncate(&(0x7f00000001c0)='./file1\x00', 0x7e3)

21:47:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3225.728179] bio_check_eod: 3 callbacks suppressed
[ 3225.728205] syz-executor.3: attempt to access beyond end of device
[ 3225.728205] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3225.729942] buffer_io_error: 3 callbacks suppressed
[ 3225.729969] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3225.739577] syz-executor.7: attempt to access beyond end of device
[ 3225.739577] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3225.740975] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3225.768382] loop2: detected capacity change from 0 to 40
[ 3225.788152] syz-executor.4: attempt to access beyond end of device
[ 3225.788152] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3225.789627] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3225.802787] loop5: detected capacity change from 0 to 40
[ 3225.896022] Process accounting resumed
[ 3225.903486] syz-executor.4: attempt to access beyond end of device
[ 3225.903486] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3225.904544] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3225.924427] syz-executor.4: attempt to access beyond end of device
[ 3225.924427] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3225.926754] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3225.986657] syz-executor.2: attempt to access beyond end of device
[ 3225.986657] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3226.261599] Process accounting resumed
21:47:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b80000001d0001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:47:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:47:27 executing program 6:
syz_mount_image$vfat(&(0x7f0000001400), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000400)="a93925fbb4c5d1cbd2c94d5acff7ac4a539d2aaafda8c0141a4833b293718e1aa4d603da36f23af0ed59a3476ce699135e4a6c93268c3ae526a9c8e3f76c555b43c2122919a0bd918e48898d95a5d4753cc0ddebed78710937984933db8902b1e95b443dad052db40085da320224fc693014a3398f85368dd6aaec3909f311cf0594c957affd48139a92719dca740c437847fd8d1fa6d9f2654c813651b67c71e0acc9538f405980dbb9bb631f6757305a9aa51ad2cf1a57c49989aad5e9fc24f183e49f8ab23d0f98effbff51b04b01f2c1a4ea0fc177c430e15eb8f21347b41fdeb0873ddc5105d7bcb38b3bd0b5b0b5f8da8250c13c60a3134036a7fa59401f91a692ef7ec761258e088c13832745f6f8d8de9b856f127dd4c878c4da4c2753133cbf9a757652b0fd213f718722011cec8b2343086b8646964e68d1693a4534ec0d114bfba040abf8e9520290b28c99dbc2012446078f1e4b4a48b187d5b8340bf96be8b3e247f121e6dccbae6c4b6532f5f0ef8f21f585191bb837ec4703d44761dc2b9321c1d335a9a61bf24092eb416bd03c0846bd8238baf819deab9ec43cccca4934881cf17fe8e8d76bc52a16f0bf8a211c9263690febbaa368e0ed21057f5694f246df347be6927554186b138bac525927ad6dbb2125e2a8f56cb5656a428631007123c4ea6bf90b5e45f0728293c65b2afda3faf1c930d0b1119d1eb5ecfe2830a27ced35ae697f7362e5cf8cbb12adda682197697a0b99812e1e331f89d71233295ccab2804d31802012a72184375253a9fd988ae697ec0cd72646cfdd48865eb615955b454007f991d281b63bdbf44c9e6de8a4bb0910f5e85cc6bfd776c7f511da596ca519405dd128565fb6f713a8c7fd9024d4794e59c91121690c2ce329800e4f2861889ed100a64d40db87696679486a9b19a112704e8355fd6a8470fa9ad5060cc5509eed53e85fa228ba42bb3ebfb53ab2c471da1dae865a2d6d8f4fd093e84342eedf9fd21101c53e0edbca7f1c8a20b5ef8587231d00dce35c4fa23a48ff2cbfef56b438e5fc62f8622d0af3d7704621bcb087d0259d3bd62206b5abd95cb655e9b1d9d03d37c3cfbfce4388661577df83537c985369b42c46c5eaea00119269cbbbe58221e0d80998988af7593d286b726078353ff058a8c213a45881ba4c162267a1bc8c1f21512d09c2be5a29d592ed3a613ab16328482b59bcadc3fcf030cf8d383bdf549f9d72fb37088eae21e569f48c85253c921e506d8afb77fab2644501705ae5fdac8c4f354fb0c7a49d9132f2d91634925a5226830aa6254153ed1c31c5fde75e17ff8eca7889b820505476d773a588f3590d106d240330e19b177e72de2582e07c4b1dfdb14556ac04fb79da26a3a75962a26aa1fd8b525134c7d0e2c51a0f5f6cad1f649660bc80ba25d8ce0253fc22c92c4297b526e557592ef82875b1e6165dc5f73f981815e94871f85279140371b61a63b11422bce1fb0a55d86be8acdf1506866d7257a522377511c0289be78b225e3b990aadbc44a92276d1a669a7c2831e03ed10475373847de6d3793fdb420b1f7a5eab3eac8fd73f11619d460a3e1f3bf606c2dd452c76fcca51bc576ffede76b0a52593d2412f6f16ea149e2d47c1c970a316889402e1495052d897a0b4daf412aeec644623eade982c84ab98ebce36477321778fc9fd5dfe111a21c4a7358ec784dc52e324c66a95d4a99cfbe7a95121b834219355b51566d73bf047ebeda92f477ebf947f0d8d9a4bdbcdf0e834ea0bd01b46f6ee6bd6da413049700dc9f01e19fe6b66c8460bc4c622eab39e4a836efed575db20091da0d24524384144ca55460f2b01582b375098258a16c9b0c5f62e3130acdd97eb8fddfc89e888c2725628a7bb57d2e227cbc6f90d974a84858b458de11d026665d2fda1cc06e298a624b899eaa309c86d150db5e6769f12caeebde61253246e5b928ef9f0b0be6a6500e0f1c2efd89542b8afd4dd374708760e3a9d7ed1faaca2d08f1f548f85ef83dd14fcf460e01803b1f20e65b6c10608fed46d468e1cb5d819f966350fc033fa8f0321e57480f9ccea364cf9766345a88afe8c6a010409305e2159ced98e05fabfacb3ac1c45b9fb16d73120edf4783cde7ef745643110407f73620f604b3a5b6e157740874adb87089f3f18a7870d58bb97a3b78bb71dbde2376caade0cac5af1930206567737878f7ff8c805b48d61c8068b66d80654a512773bcce4796b1b67f3ba8482e1a467cd55f80be85436e1d7ec89643b12f7bbf5cd19f5306176c71c416c723876315e8e48af88e263a890e5bdd1aed3ec7ac1bf8f22b9572db9767c03dfa3f44f2ec433fe76a5cfc6c5f1d2733896e5264da703e04abc695aa5431019e859c37a1c227376f8c71712a3f371ee5c4f0ac75dfed72b31eaa8c2e18066aa131ad5665bc739b64070742efc290151e16611ea7cc31da68dbbf854d9f54daf925eac30741f1a73c086159a58769ed53447affd8f0a4def6ed2d5c8e98aebcbe33d684f10a86d041ffafa2f8181cf908d060984a7d99822c103bfdd16d4dc98e986db5221b2918cd46891885ece1326b5965b0c8d9e5fca6f3fb3f25dbca846c620e5e693eef0ed442cb4186376eb8239b172edb70100fe9e6819b24555fbd658ef2d821dbb8117b8cd947ae4e5c6f1b748924294d231d36de7ca262efdd7f5e9d207fe23cb59e519388208f2afa5ad348c808b3abea12f875f2e92381b197a2e9068c74d186dfceee206eddf31899dfa065c29e0ef201542ffaaafb8c8ac0ad8ff59d334730c8d11a889bb8dd03d4dbd673e44c1ee5532a7f12fdf94fc0af214d13ea72c3473f183c40300cbe82fea2d645958d244af3ac84f0c051e368b9a6d7728c70140fc5c552594dbd0e75f5811715a1e2729a2d3392fbb2e291185f075018602519110e51b37670485a0d36903eb8be48280d4eb5badf696831d7ac7d2d1db1507a37591eb5d332b2f3c3ba08b2a52f627136252fda578ef74d18c63c2c1fb4e74bf1de8164670260a01ec9f8de4a74b3f00f3edc197d940d5d578c8f80ec0caca2351299b729b5788f703625bc2d85ba3354295b1fdb1ed2359a35f31b76e24f30813993b6fb465741007a3df6aa2608243e687f11e437cb5fb73f60f337d8e886f38cf9e2563523f9e867db8abecd394f4022e4669d6433109d31df0b1b66d08f5eccbd877b7f4d0666f4389faf78b4e2f15bdadec1fa844dc021844f1df767b46baa802df62aff98f24e7ea783e85c6d96b2e46fee7765c37927272e7d7b5e560e0e344ae5db7582b63675687ec02c66f389da0148c41fad34f66c8af1bff049df4957270484f0d21f3af0f81cf6b1f5593e363c0251cb61a071fdef47a629e9417824cf8d4fa7143611969cc46a3280de1dfecd62306fae799d6256836c9fdd18cc8555320370ee8fb2e5e531a4d6829eec1694f64f814313dca8341a86b4a942287c2651614630fdbdd10a3a525a29c07b1025422f9ba6fe65f930cecbf1c035a9f54859928617bed2b3ea1751161b942a5b6684c925016936f50bfaa0f9eeed91c66c871c8f3d6b607aa703df12baa24732b0709f00feae19ed3f2c145a4bc2b03a0b4dafedace79fc1ea11bc0669b5bfda7ac8f1b78a599fce7434c73f9d3667cd7d0b9744699844fd9b12b99a43a9387d4738df1b4631d7838942e19373961bb62a315582a2abd7dca2107ed43b4d7bce47e76668598bb60273749d1ab1cb2e908f89cf604157218913812a18c416751b10826fd0cf633d71befcf973538f2fd1753dba9a6ce509cc1b04db84ad2bde7754ceaa35589b0ceff3a6822f1ddbad91e9c7b93354fd2c9f4d537cf7fade61f2c3a558be6f0729e9e0cf21ae4c0851ef7f27a2cfba70f73433a572cbf0ff11c372ec56efeda43e539fe6c4034b2e3de1852bfd4895479ee31281b4e45e1838b1a18b694229636e8be189430fa3e445fe3df6d7d00168dc108755244888b441d22e3308ffa4ec489309b30a32f9e6bf9220bfecfb9fe2352a8d317e068fb01ade6ad13eb7e19b67401901e348e90066cff8c675d5824a6a67230207d494df70fa8814c59342c42026faa988233fe5cda9c472e6ff6a980a5d966bd0faa174bf9e7f06ef82e9788e5ff69eef8026c24acff0ec07f296f5e8a5e07f295066dd59311a394d57cf634184bdcb052553e672f58be9bf7c44838bf50cfa5887784c11e9a44b932ae3c6eb1be6f37d664962f33180035c6ce4809db6be4b01a27c69f71f41af97514947d34db7a0355fd4cd7466f5766d457fa08a139544cd46922744c2e7c4bd406c71efc2fda9465e2686845f1312c1aa3fe73478c633d37cc01f046b406d928ede77620cdf5356e48e22a99a2bc0c920be879032ba6ac915d724422616e9d4ee64c6e731153e3b5ce42186876577506c2352160e53e824adfb3043274087c76473ac27a983475c43a745197c382802727ae2960a48a6afe1e8ffb03862c62a71590a667e925d9b6e2119422c9a165b492b2e662962b02923396f4f91f8c0074e346e8971f8c202acf6728383626fcbeff3973ff3a52caf3062dfb4caece25219080a85ff699a051a52a6eca16373bbe472054ffe9d011c317cce7e03c3ffe41bc021f25cb3a7ce5521ac4b7c5cfc3a04465313ee529324d27bb334d9259fabb5d07c808dba2763db124fc92e9aa108024d89113d267aa1313c988958046bc130a159c12547e7d22f7521fe7392e33d4cffc5aba5a2522f57e39fe61c7682b0a6d4eceb30297e6e14440505c74214327a3603b9f9c2da1289752cd32802ceb989df91ddf797a6e7c892313e811e1867d8dd5fbcbefeb78fd4f7e92737bf3127a76ec3759fcd42e999d89881e0e85fb1ba639e24f3b000541b2e4bf7acfdd8ce3cd4927e7f2b56090233a02f38586ea59988aed5bc73f0a6977c677d0ba838030ea413ce2a9d2d5fef162079893dd3e1bcb102682c5b3a94b69f02355ba84306955d0055469d8c913303c78e7effcbe27b11b8d7d2dbed0825228add65a59a43f96787d7c1b957b888c8fea8b0b2e51bf0396c618d7812aeec1734297d7a2dcbebc93894f82093d0eaa43fda095b50c8b5b14f107f70498a5e997c3140233a447684d3136345e7b1f41557f6eb92d3d820475f007074e6c5004b88d7fd9c0f64aefc15d6a7930938490ff98be64ad478f961040aa43b6b13b7e796ac7eeea09746403f5c9c12559c0e07a17352f87861d63efef63ffa9658b0be1abea8cacd3e16814adf4a21eb6d483ca4c35d145e44e19efaa0c2675ff3f44286c76fc02fc32945b04868f3c0344dec95e3a533aaba8de14a2e06d14d0f38ded668dc4f68454ab72770fa79f6a8c5cfd12ecf72038c21b3c329b7f6b6bfcaa25359773f070a26e99b2ac0a4de99fea7a60e3fd5718a4790a78b8cfe68981b587db995a3050e13facf6bdb278d2cf18303e58cf126024df1193732093cd54da912339df94f7c88e7b39bd4273e9ebbfad4e88e4c6d3e8ac9a8c165f67aca3db74a212c8b3e99a8acd7ecca97d8b1e74014b762aea411a2380d42fd22444a64d1995190420c0531e000000000000a98d9e61a4f621bfd870bfbe50efe31ad7fadfdcde9d5a91f36c31a2f1fbe58ba9cc5c3e200cd0d37742a3b44a2143474d2751fdcd62bddd814737ce238795f1886357107d5882808a078f27f372083953c2713cd92e66b52194166d9fb49bad6e7d160b7412bf122a8e8ec1b20fade11c701b78e2ca8303", 0x1000, 0x5}], 0x410, &(0x7f0000001440)=ANY=[@ANYRES32, @ANYRESOCT])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = gettid()
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x81}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)
fgetxattr(r4, &(0x7f0000001480)=ANY=[@ANYBLOB="6f73322ef1ff2f242c405c0d5e2b5b5b003832c600ae411973ec3151e5554dd46c4d91b799221806a8fdadacd056380f32eee94ab92acf10ac1c65963a1a99c167c34151b363d79a692825a1f5f3af6a035b2d7968950cdbdd96695c38a93f67358f6259dc17e0021ac2389f0e2e7bb5c8d84dbf0f617aa935739288e112da38d07002ce1eff6861f6e58efc59e819cbc91acddaa66c60b4841810847a6c481a27b95028019821e6a17a3f3b8263d1c68165e7bd514a27aed21df5b5504a9a501f40b6a22c14be1a8fde6430e284b5ef58962ac49c9f551226661788965a365b987268494be465fbedf88d6976d55bdbe71f39d2287c1916c1"], &(0x7f00000003c0)=""/41, 0x29)

21:47:27 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)

21:47:27 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:27 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:47:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3240.682576] loop4: detected capacity change from 0 to 40
[ 3240.692515] loop2: detected capacity change from 0 to 40
[ 3240.694932] loop5: detected capacity change from 0 to 40
[ 3240.697341] loop3: detected capacity change from 0 to 40
[ 3240.697772] loop7: detected capacity change from 0 to 40
[ 3240.699497] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.1'.
21:47:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x400, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000280001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

[ 3240.864028] syz-executor.3: attempt to access beyond end of device
[ 3240.864028] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3240.865992] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3240.924990] loop5: detected capacity change from 0 to 40
[ 3241.027012] syz-executor.2: attempt to access beyond end of device
[ 3241.027012] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.029064] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3241.055021] syz-executor.7: attempt to access beyond end of device
[ 3241.055021] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.056960] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3241.065073] netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'.
21:47:27 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3241.151209] syz-executor.4: attempt to access beyond end of device
[ 3241.151209] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.153638] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:47:27 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190300000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:47:27 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:47:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3241.305871] Process accounting resumed
[ 3241.306922] syz-executor.4: attempt to access beyond end of device
[ 3241.306922] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.308637] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3241.317403] loop3: detected capacity change from 0 to 40
21:47:27 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000600)={{0x1, 0x1, 0x18, <r1=>r0, @out_args}, './file1\x00'})
perf_event_open(&(0x7f0000000580)={0x5, 0x66, 0xf7, 0x1, 0x1, 0xb, 0x0, 0x9f, 0x88000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3ff, 0x0, @perf_bp={&(0x7f0000000540), 0xc}, 0x4844, 0x7, 0x6, 0x6, 0x4, 0x8, 0xcd2, 0x0, 0x5357, 0x0, 0x200}, 0x0, 0x6, r1, 0x8)
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x5, 0x0, 0x0, 0x80000100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x80, 0x288081)
ioctl$EVIOCSCLOCKID(r5, 0x400445a0, &(0x7f0000000040)=0x9)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r3, r2, 0x0, 0xfffffdef)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="b80000000000000000000000000000000000000000000000007f0000010000040000000000000000000000000000000000f1ffff7f0000000000000000000000a7ca5ce47cc1620280171d66e6b77e971e5357680f7217d8744ca4250b39faa4538ea67e8c9f740ef4a9a32b8813d28aebb367bf158e5e0920d619de9851515526511b2bfccfc75f7b2b578e36cfc1d829eeaa39a62ade87d5ecd524b18afe521682bd1fa0a8f1ccbf71e65dd45aad4a5874168dc987e89a7b353948c5c3a0f041217b8096c6bd29eee3f3098123f68ab36324ac0b2f3a947b24482787cbf9b89d87c39761e258e7086e4cb9f001b19c296966e96593d8f712e576abbd546f835377b63f607678cf58a2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
sendfile(r4, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb)
sendmmsg$inet6(r4, &(0x7f0000000240)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x7, @remote, 0x2}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000300)="94a3eb3ac3cf26e35573ff4377c9b27c8a5a668d9b79b52a7f9ca587ca2c6472c13fa662db878a35a6c680d0294d2a17ced1c80713bd13b51614363f18f3111257b4d37072bd141c8aab6c9373aa06dbcf7c5ef448e503b5fcb450416e959688fc60fc1064ecabf964030634619941069a01664e918e0f692fa636937ec1cc82733287851c19d8233c9c8b8549cf55d293fbf27a647a1bf5a62e9925b022359e6822e36b124f562dc665c7b34ec419303f40c7", 0xb3}], 0x1, &(0x7f00000009c0)=ANY=[@ANYBLOB="68000000000000002900000039000000160a01e000000000fe8000000000000000000000ba3f66a6c5937bf100000018fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb480000000000000029000000390000008706000000000000fc02000000000000000000000000000000000000000000000000000000000001200100000000000000000000000000021400000000000000290000000b00000000000101000000001400000000000000290000000b0000000000086200000000280000000000000029000000390000002c02007300000000fe880000000000000000000000000001140000000000000029000004dd6c47c036a0049e0ed2c5ea0989ee0008000000ff0f0000000000006000000000000000290000003600000073080000000000000728000000000806434affffffff00000000100100000000000068ffffffffffffff6500000000000000010700000000000000000100c204"], 0x180}}], 0x1, 0x2000c800)

[ 3241.348410] syz-executor.4: attempt to access beyond end of device
[ 3241.348410] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.350226] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3241.381630] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=793 sclass=netlink_xfrm_socket pid=14116 comm=syz-executor.1
[ 3241.390095] loop7: detected capacity change from 0 to 40
21:47:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

[ 3241.463338] loop2: detected capacity change from 0 to 40
[ 3241.575731] loop4: detected capacity change from 0 to 40
[ 3241.690124] syz-executor.3: attempt to access beyond end of device
[ 3241.690124] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.692036] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3241.758328] Process accounting resumed
[ 3241.822047] syz-executor.2: attempt to access beyond end of device
[ 3241.822047] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.823939] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 3241.852024] syz-executor.7: attempt to access beyond end of device
[ 3241.852024] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.853963] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3241.890230] syz-executor.4: attempt to access beyond end of device
[ 3241.890230] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3241.892670] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3241.935954] Process accounting resumed
[ 3263.946119] loop7: detected capacity change from 0 to 40
[ 3263.958619] loop5: detected capacity change from 0 to 40
21:47:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

21:47:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190400000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:47:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

21:47:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0)

21:47:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f00000001c0), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000380)={0x0, 0x100082, 0x100000, {r0}}, 0x20)

21:47:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x113d42, 0x4)
write$binfmt_aout(r2, &(0x7f0000000300)={{0x107, 0x2, 0x4, 0x1c8, 0x11f, 0x23d, 0x73, 0x6b}, "08217f06530119c46bf384ab2678a04444b3e1993af490e6fe5ae67c4678e9a41eceb0bfb7096cd640bfea6c8b3649f6ed53898c3be5b7887538b389bb5b5767e23ea1aac2b6d1cf79e38fa592cfe695b43faba934d82c5bddc669ff32293cd27928f7e923a61a4d011aca2a1889897e55d4ae31", ['\x00']}, 0x194)
sendmsg$nl_xfrm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="b8000000190001000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e64385f5"], 0xb8}}, 0x0)
sendfile(r1, r3, 0x0, 0xfffffdef)

[ 3263.997392] loop2: detected capacity change from 0 to 40
[ 3264.005321] loop3: detected capacity change from 0 to 40
[ 3264.012007] loop4: detected capacity change from 0 to 40
[ 3264.039802] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1049 sclass=netlink_xfrm_socket pid=14150 comm=syz-executor.1
[ 3264.110639] bio_check_eod: 2 callbacks suppressed
[ 3264.110656] syz-executor.7: attempt to access beyond end of device
[ 3264.110656] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.112041] buffer_io_error: 2 callbacks suppressed
[ 3264.112067] Buffer I/O error on dev loop7, logical block 10, lost async page write
21:47:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = signalfd(r0, &(0x7f0000000240)={[0x101]}, 0x8)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x3)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xde, 0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
mount_setattr(r1, &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f00000001c0)={0x7, 0x100080, 0x100000, {r0}}, 0x20)

[ 3264.208851] syz-executor.4: attempt to access beyond end of device
[ 3264.208851] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.209959] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:47:50 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190201000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:47:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3264.254213] Process accounting resumed
[ 3264.255586] syz-executor.4: attempt to access beyond end of device
[ 3264.255586] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.256519] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:47:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
acct(&(0x7f0000000000)='./file1\x00')
sendfile(r1, r0, 0x0, 0xfffffdef)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

[ 3264.264598] syz-executor.4: attempt to access beyond end of device
[ 3264.264598] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.265613] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3264.295922] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=537 sclass=netlink_xfrm_socket pid=14158 comm=syz-executor.1
[ 3264.310050] loop5: detected capacity change from 0 to 40
[ 3264.341113] loop4: detected capacity change from 0 to 40
[ 3264.349553] loop7: detected capacity change from 0 to 40
21:47:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
openat(r0, &(0x7f0000002800)='./file0\x00', 0x40080, 0x151)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0x7, 0x0, 0xfffc, 0x0, 0x60}, 0x0, 0xffffffffffffffff, r2, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x6, 0xa, &(0x7f0000002680)=[{&(0x7f0000000300)="4ebbdc5c608b1646f4c80c343e8e3baf20ac49d3f400c1fcadf5cd26282466aaf5fd2c3039accc5cc6fbe85d949d5821dc5b6aa08bd55d73247b37fcc96d155961f146eb41052ca8b98a3fb3c04ff0994cb68018c7c90e8aa57ef3c38333e09a7d17da3d5b92d59daefc786ccdd62fd1416bcf6acc32e120ba126af5a7c6394424f022dde4e4ea658bcfe00573144050e16b52a8d4ca80c65f85850eb6a9c86321aa827f", 0xa4, 0x7ff}, {&(0x7f0000000180)="cf2fb47fcda85cd693b48966b492abc778ca454466225edf9489eef5eeec7767bd68039323ee00034c1bdc07399d462ed9d97dd6acd68997f8cff7", 0x3b, 0xfffffffffffffff7}, {&(0x7f00000003c0)="62f9eebd6b2655c44c6c9b0946890094401211b15759c611e53f657abf05b04829ee3b7440c5c6124e19c90a7fb29c18a35d67d517737ae1e84e62fe21b83f69626f12a27591989cda7fa59648db1aee7e7445fcd99dc8f48146", 0x5a, 0x8000}, {&(0x7f00000001c0)="26c4b8c7e4c50cd91e38be9d65a16d3687", 0x11, 0x1}, {&(0x7f0000000440)="fbd324de31f973785023bc9c08e2f4b246bfd4f0101b8e21d69eb8607afdd780dd102f32777aaf18c99b73dbc48369c1cf6ca833200cfd6b8a9c504043142aa185905d1760562bb31fd1ce27da3a383a650b012da8c4917f7cad028b817fbdc35002489a191554883d9f7c146cc3bc76751029604a985adf5c0bf142f5a28b6f337653858c1f9a112e75fab57463ad8a885ca14169386f7358b8a56e9da74d13591c24051f834b552ba33db4217af68f9553635eadc61388ee2d14234524efe930b17066b14d0c0563face0ded8e895d0bc89f8c1617d82c7904e71320494ed0a612675cf3aca1d06a", 0xe9, 0x1}, {&(0x7f0000000540)="4cf2398d190872b2dbfebcacd14017ac746dbd11eb412a872dc691c8c3bf2ac34fa5c8220b61331f45ace9b7856676910b679b2f5bb1a7637f49c2339776c644963771207863bbb4457255fd1b7743b9b268b85eb438d3c7791541ce3306975e811f0d75f29eb1be89bc80cb9f47070f69364d6dfd1290c3619d6814f6762783fd952639bcf6f93873a22b4bf57136d0b7c6f194b2f36c2560236a77c7045835379698fe080b663f847989cbee7b9e7dba3cdc6eeac60f0228e21e5a00486ec6dd9f618b277d62dfde19992ba099e1b4f898e7874caec95fa4ca354dc08c52c9c3ae871c3c3ae504d45a717651b82aa0b0662b997ad483fe823d5153af2a8fd8d13b527a6ea404fa967b772ebf4e5519c1951c28c98d483778ee4dd575dcc0ca498c111b79c1599e020eaedf2bc1e1e303b9083835add7c4b8e287695d1bae52acf9e61075578a442c73cb08ace5c8142f67741d329e28737c293761d639b00256170a26943ca39daa4c0bdbd0d2f09232a6fe3e6e651701e1455989ad94fa4ece3d275d888b34666219fee212cdf705932cc79eb36b0ec2d4e67defcf5e33053c5ff912a1b05ef7c1b064ad8cf1a5dec595aef85433bf851153a0640527b60389bc6a84327c458bb02a6ea0d9be0cbfc826397aa17b059f7f5a2e05ef5d0f56c421f9321fa78d266a960c2af04bfb86401734133cd74c147acf0fe5daff42b2fc51a894d2e947dbb727aceffafc3de9f4f64071fdb9fa2f9ed42f98a8b6deea6d24f3c9eedc1636658d1193fa64c5f17bb9f2c26985c6bc99d01c9c6eb41eecaca3451f500dda51c99ff6a8b3abec55641356d9bd1727f5d61bcd9f9fc0f6150769f48d26a451037238d609a2eee6246f1429f567bfc3d0633b14cf9afb964038fbc80aa0a1855dadcbfcdeef242605b66a6d820e2fefb3b0254d9559d8118d3c054d40016e1f543529e398661318e56ef5beae4a7477d70d037e97b4245027fdd20aa09706f14842911e40ac0d36203ad6296797c33fa729183f641600410955ef5ff6709ab47841aba62377252ec71cb6b6ac258bcded49d50dd32e4980331dd8153c1fa316d18d049afd61797dfdefd8bf925be1ec6fbed681ad3869c21b89558268ef5f99d84937ffd0328a6bd68354ab4078b73bba019adad11f4d2d899f03d62ffd4f899b160a476e559855cf53d73dc0f3d30c5c8f1af3a5d24383be91b78dc57ec211be704e4a8cedf4dab7aa2391bd1b6fdcc9f1bf0d4be663b82fb18030a2b7c05ec6df121b3f917bdf99f94133fdb877663e3f353459fa9e77d2ff9c7be3d999741c277b2efa7b22ed41f4b0227fdf29e19b7d6d8bbad217156ffd781c52eaee12222318de4f6aa4b682cefc107906af08d38e9c1accd5a65b055d6134b2f3cb2aa2c127fb51310d05d5361d8d12627f5d885fbf9a7681aa2b6b2616c8575c83838f9eae839ac5d32746c8cbd16a70de2928252e68a025177c06b9595cf10ea06d9c9a2c765b6b45298b41c2d023e3f4fe1833773dee2d41e130f87c86cae705dda6510dc5cb1d1bd36da0d31713064a63036a26ef216e974b5220fb6c0faa3bafc3833b0aeda1102c78b4d1288a7f79f2b092a0e7f243ccdf47db9ded809a31a64156025208b0ab5434e9a44399277d7df797fcaf89f4b0688b3d3e60830b92c92fdd35dde705e6f3dce6557639fa018e4b37f41bcdba7137f5aae93e4824302c53d454762da9b93b8583266e8312aebf765d38e8794b01e4ef7d9606b11b8c0cb59e8b7a0af1fbab1270cbe343e1e27fdac80ebc542a439a41da835d8f8082d392b1435801899a8f9a60e5c413ccd35b90921c4637be15fb2418d36c687062276cb9436f14ae5b37b7dde2c1f3b54e4896b4d9918d5bad4e7e7aa0b940bd976d40c3d99ab4145b09fee6af28ab56b4f3277b5ee1f3149e4ef046b50f36b61d1bf1070524509aeb953a2ae08dc7f096ab6d9a05e84257642bb5ce373a17ea18513be89270197daea3639b87de6537d5eca7dc31d47255de34f337bfd341e8b1189301de6a0422497fbc627aff535718ee584ad0daaf2b88a58493741af5fb0cbfff99818109c29529e2193ca759b800f91e13e19f5c9061e8ec05b4c8254470749e89797779f52a9bdd30b094be2981ca4cebd3e575a868ceaaafecaebddd56fea756f609387718848ff2fd033cb8621d51ff3cfe2a189e098d127c38ae01dff57fa9716cb0db7498c920294c73187835b608d41045bb0a6195191294b4bfdff009bdb02bc29b6182859b08b21bbf1a20cd005e4f1c5e40c62f14af06852fda4391d5fef8a7c73be417bc17208015e045402070a6496817f24e9487d29b685d33459a1161548780f06d789e5a1d0ce93084b225819e5b5ede9be02252c56b157c3db5a1fcf18d284bd4c64fd2da8b4cb583baf100d89c6d9ba0b7cf89a98e06dc729454be7cc057005956bbfe996eeebc519f8174c5d5a2dc048006bc418b5e42502065ea4f08e496d290494defa3c1680b9b38026c295eb6d81c9034a050f2b1a881c8bbea5b9b44b5002525a9be6ca2369b71c4c3aaae0d2f783046276ce5b6f1a5766aa7e354238db381004a5dc05553b791ebb7b1c064156027da6800242ed44183de0141661cd161fc5676963fbab9187a04550636a35d08f997339d92add2105860d9b6eeda2715d9c2d3588a6ad6ae1b36b7bdc25ffdea298091e23d4cff848f8554a59fced030557b87eab0f4e81e2b9ebc01d6ff6a0d32de18b57a2af45e4dda96f9645cc54a08cea87a5e3df89c97941090dc19918ad68589f7a63dbd88de429ac431a8c68045967a40397476787d9716e1eb0dcf9090d3e9b2c029a5e4109af1737805788c5e6cf41777051f82f4d83f2d3dd8ce92648a36a1bc556aea053c24b5a81a18521be48cb83f4bfc795c78e6730020d7291b1b21b57d6c3cb71d7b8759d391266c208afe286603c9d345d3fb09cc4029417ca645bbd15fdecc2f0be0e24c9d94c6f5e504e9ca701aa826f8876a0f11cbbe0fba34cd95e610af21b37c6d8bc5955a0c355095bbe4ad0e0e827977bf7ceda44d87c4b24e0914481acc112b568c8026379d980a18f354d495d4405e0635e8e2c50a3b66dbbab1984aee391e845b9b72c04d9e33d6472a53ae6939d6c0947075518dfd83beef12f7953e5c4b74f4d6a9ab569b693de75d2d2e28aab2b67f3c4e53e1fed7737f0e87d9d11f97d159866debaee0d2e345dcca65aff64f5214e59bde24d70993b4bac07ee6656879129f1d643e1583563f105beaded9925148d1e7dcc5729294b2df5138d9383e745a769328b58a1071cf0cbd2ce2502935d8122d2961155c6bb7242fbe94dce09f9ed1728f6b4a0723ddfa17cf9b343e9825ba25fb9536f69b73f2e264105422afc512f1e3b878a06fcb828274e55d2a7abb3ec6a033a2354cad892379b566cd9a4d2f6ea497e58508a2c1a633d17ed2906beca701a09dbd38ed34d8b29615a77ad896e5383ca07a2094d32b9d9ff46fc1e164940af4ea31e0a85882b3872027b1e7a9493824e688ee959e2e2d4cfc1fab72dfff293c39d9b63c6bedb383cd4a8186b092c9dacbafcb5c9e3a2696d3f5963c66b84c03635bfcd7a32aa4fba85aab185fee69879e35468b5152558f7742820b9d75a3ee35bcc113c8ef9d85a20a3a17c9167e5606ac060b2a5ce84eba244c43eb066711674a3916b31c581d56c92fae6470991d798c618b391907fdc219b86d3035fdc60d065d8dc80053f451dc59b177d609874e764197ec4e5b4b84554387ee2e0c056ef50cab83a0fefb3e31bca1275e509e5c09391581cef674be320ec48eab15ea52b6e5e66ff0b113b4ca702432e28d0589682e53955bd03a0125b94696a69f6c0936613143f5de190d7f35573b70c95a8aa6158db766052cffe0a39f8bf6d1fcd7359102ddb8fa3f7852ab2c98169cc24651cc0b1001c2f4e1d47f6969769c0441a6697df4e8285fb4575131af2706ea3639a2272a5293ddd269ee1c8db07c670a5c255983e690b2dbeb3658b448cc3f5772a41e41f7174738598a77651cf77c2e7a2c1593042d07e58c7ed2b1d6b547e34a8f16e118cb4e6da9dd1549429470270c411c4bb7ff6c663c2c578b9574134963466ee8b2de2c87a2252a99549b7c1ae32820e825289489f8afb91a16e39615dfc51869af824e257409cece50c065fac8c05e443f63d2555ed1e0371e1760f27594dffd3f8ce5524cf02a492e78c4fc25db2035f96c245db0eacc377a5f170d7801e3b4b8da3c44883a731ddba46c90d6539fb1301c6cfa9a2dd30d308eb681dfd752a9108a781108be98d49ab6397f7f3e01e3c397d79c5cac164ea2b23d7f623a3ca991871dcf7638b5c5b91bf11c17e2fba9dedab30583519866c5d563eff8f1c387b0328dd1865e1558de8406180daf100cf57ae592b9e03a092ff7c32cfad6ca4fb99a00fd7cc8e48bfdda18a2e0223340861474a819c13c04b3c933a66e98926ea14776aee848c9cd2e83a9d00a770e5d86388137c1baef4117aaa22920ef537dd174e2b9d63b9bc082284ae14ff67835c1cdd91854236e3f686e39f25c53fa774b3d26ec0dcc021534e424664f035ce05133ddc2abfd670053b5c63a3dbcc86f9144f079a038d9fa447fcd0d1a248483b2b3196d002962d26d7a0076caebd56ea7a5db9e085ebc7e231be06d66c647435a243e43812df07a61a040a2aed2d45cb3fe99fd55a342bced0fbb73e0947e3287ab949d04cd74258f14a69732a59962af0ad994a922dc8e38c1ac9980fbce7c82efaadf7cb3f62cf4a0ca58e518c011cee95cb9112249b0a53439699577cab278184f584ead770c91e8115245074c85d464e6de97364eed801ad48fccc81b79ff532262e540fd119a6edb1c7429b80674cd70dbc138200c3994d81c55368258abd9596f37a9ed7275c90c957066d89101103a82f56a6db0d4d9954634799fb277b8a3631865579789482d88acbdec0fbf7eba80e8d697bc9ccfcfaa635ea5ed9725cee8295952f0ddda95add2338d330601d88e77cff8b293d375c936283014d27afa3a70e895da96830d560246c486cf40778a33ac761ff2269c667dce08cec8d75b4ae721dabd1b041c3474c348360cc4ef1cd878ea50c9fca47cebd156c97e1b0473c17d300d1def438c70d3a4df06fb01b29e148791e22e204a96e6fc84a9a685b9662871ec63e2b39ca4d2205c3a95e8c591047331288204293540b12a60886a692f2f9d13c2e409cd81904fccab8d25a8c1fa99db96a086e8cc8435ae805a6029bbfb414f04fcc0d3f31f853bf3acd6d5371c34ea4d8e6cedb7a4a75ea576b95443326e207a078004dec7e841f9ee678cabe232861b331838ffbb1b724741b57c3ad818ae663ef8f099b7dc77627adfa424c41ad51828bce5a44b684f00e0192db1e50e6020ccc6d21d31a07b52f967070672fecabebbea5d5a5e2716baac0323889bacc9d5b960da23463e9912b850fb82c11b1e3de9123758f847fbea2631f0463a4b58caca726e68c040fe6f5aba0dd17dfb5428fe5daa53b817ff04443e83df8f8ee93123d0ce1c6b42af8242a3db5ca8e45efb1e5593302304a808cf32ec9205290345ce1936cecea36135391c138c0cbed5d56f7d8ac8500cd2bb566ca15cb7268d7c61f86b018c950497dd13714c05ace7833e66564abed2fd5342042583af28c6d25ee1b2f4042a7bc28b54508a911fee3b4f974cccfa40e8951b514ccda8f4ccf4f6508c61b8c18f40b81c76b55ae552", 0x1000, 0x2}, {&(0x7f0000000240)="8750bbe9164e11368f9e25be2c4c7c", 0xf, 0x3ff}, {&(0x7f0000001540)="e239b612fb4bbce31834f55c806c5e0a8812ec43971b466ee694752decfa1f574899a463c438c834d6bfe1a17a54d5b1f9f9d296e46ae62c4efcc2b4a9c03eedde2c4094a99798d4127869942bf6675792d736545ff1183ee63f7bcf722f56ae810fcd894e9d24390b87dd8c8bfc366500631853ca577959116cf7eb0a657d55f3ffea4a05082498227d3aacdd90bd19dbc519fcee5e6c3013cdbd090bb6e34909bc9dab8f52fd113eaa1d967999bef110c937da0a296b1a0c933c089529f6e15048d78716f3a62f8a042df5848027a5e2d3451c18dd1bc6ec75bac4124666848a6c7bdf1c10976642eaa0e1d872f7aae94e03124e6cac5603332691213283fc831d0b1275d0f3da82e1188fa641054011eab9baf1c234fddc069b8207629fe426bb2b24435236b8b6274af167c412cebe869195fc7b143f96519e86c53e6eaaca21b5b83a30d3352d2e15ef668ece9f0eabf212b1da3814260ce0719b9df431164dc294afbe182ef893439e570ddb20833a70a7ad94dcbe4cc4d8d80f4c1855a2e9764facc39f7444379ee83245b1d520be7258b2c54822077c37477e5b8c1242d922c44fa6756c34570b40e99a45cd7a2c8d6cc7fa94ad93804ef8f2227e1ded2f1fcb0a2e2d1323dbc6289b9a53fa261e620e55e4960764c3204082903ffd7b5150d0e469e9ee8243e25b20ca6cf401ec65e6e1a9a69bfe20fd122edd1fde2e27b55a5d0c3eaaaa46374c15d05b49cfe2febe077afa6e9d0e36691a3861f47b60810686eb031c92f758e74fb0576bd91d0cb786fc14c6f86e44c1a7c2a96411fee2dfbc188b9c90523ab4d4d775fe49efe0e204b60d3e94689025878525b1d9c4bdee5e6dbd50481c6860def9a87c43029159aff52dffc36dc02f99776523ba289d34e075c9b27d2d65522de4fe124f75805bb992efed7006ec47a870328f0260521bf04b995b9b7011623de5b31fe9782e82b568e55cabb0267e6f4048c6dc48b6dc09ec34a034710dd9f529887f810582ea2383883f801ac7d18e18f047f9106967167a7cb8849f70fed140a91bc2944e3e2e5199fcbb3f4ced11041375b09e97f538dfbae4461bb677aceccf2fa86501c083c8274b3ee64ecc750cb2ab92a66a15b1ada98473ca03bae941dd43c7c07c99e3a2b2f0914cbc6b2eb535e2d854fc28c81d6357b0994f1c339e6c93b31511304b696f8fcfb6e35ce757d3f91c540155b3f7918f1facf837668cc5369b937fafb1926b9a57e39f70c37ddece386f27d5ace6ade3270d5f28f3ac4624aa4bbe9ab0f5b55f041bb42b909c8ec834052ebb8b8dc71d1b86f652d67710413af47203f6285fc0677be2ac003216c96cac0cde41ce96def0ee4f7e8c4a60cb004cef6371e6aa80640c491c260d7f2b69f7552eadc2f8cc761e03f9163fee10056b691c2d5f9c8335bce7ee595e52ebf5e5589ee5a4bdcd54c77f358757d18ea23e0a5fefcd8c4e659413a9992a09bd5ec8300ceeb0dc4a26040fea67c906d8caf5b4bff948b40e48930b864a293e589518906102cd90343373a8dc359aaa36ce3e3aded26eb96177aeab7efa537c9bba68706e3c8a131ad50603f82d42a1a2db1b1308cfad662f9d5515126fc88041961c99059bb5aefe92afcbee211be9b7eb4526add1c0ada6516bce06ea9d1057228c2a7ab33c9145b13ed08903069bd7b714e7327299cb5b86acab7dd8fc28e906f8e3d171b479a7ddd0dcc1a5a9af5accfe05bcd36ecd594cb11ee8f6f16e1af49d81d0d93a9928aec95f7700241fcea0e9520ec09daf68d26366ab6a49cff07057875a67c7ba38f4461e25d40d7d3c6424670d06ca00697d7b45ef75d01dadd6591a144b246dc1bf726d08d321aa8ac2e1b2539076f05c65edd59e035710ffe9345dca3a760039adb891ddc6f34401ede356bfb29cca4c748060bae049105ad4653373bd8d53ff7d2e25576bca832500bc28f33764d6510124d37904dfee33494530c4b67932d9faa10fff544c0b480213b67da84da5404b4e1af9a456fdc20be86defca35185d3fa18702a55730c46d33bd76e422cb60fc959ab8e1d6ffb72cb96a9b2a0328ea087ee3120a9d32c47c85a89463dc4ed08a7c40a03e8377e8c9f4d3b1a38151f467abd911943c151966b23731c68f999d4462f5ef148fec54d4cfa5dd9c88bacbefc9b63d227a8a0ae5e35b7d82c68722b4d7f21f57ead6eae87102a9dc9ca8f158ccfad139d69c1dfac6bd8bfbf6a4d2ce098f9416524d1381180f60168842677b68e7ecdef267166b53508a2ad6fa36f595a7eb3b18df39e645823c6370691f13f3b5e811b2d7b399dfc523414adbb89390d7bf827487e2ed31c917a414aefc56110e3a420bb8b828fd052a0c6b877b6d0527592893a5a1609374b94b3982d9b3f32b50944e8ccb0046c7405e83968f0ceb1f815622f2ea2ddda2fa01f73ca067ff8ec7fa8279dbd23fc239499133c63f1e9152da8adec9e0168b434911dae07f566b61bb283a632df0a1a5725028a36036b2c4aea59438a6902dea6d57d44bdc14ebf8f5af66a368bc01177667e440779b468e394b639003c9b4cc31fb6d65f2909898c80745a3e8ed2ed517aaf6f4a276b4f0c3a8f190ba7b9697c6941e529c2d8190b83621eefdd426d0fdc6f115cae2135135ade3d86ef2adb751e40fef7c14ba7bf8b854445d4e53880664dae79a59e22bb82e5fad0cb3f41047ae0c9b2b0199aae12cff4ac3a085598d947113ea2baf1292530aa1ed85c83fa00da43534ffe3ed4d6d959285b75227551685f65914ae0b99a4a9613133ba85cdb18314bd31428a4bd947f3a756d1da5ed7493ec53a7993a7e9b5c320020478b37b6b2d684f1ee69fe6d3e0dc97943390ef51262f9a4f10b7b9ea464c9bdf6cda8aae6844e739571cdf69026b6307110d39b8d1e077cdcccff566935dd2572c1a9f51edbf5aae502b6c0fe016ab5d18a980cbf8e23231d71c40ef0f97bc9ed157699f5ea07c88492dd9c25742f2ad5c26603263b5911d951fa48af5bda2b2c359b891e1de801f36ccc0b8c9bcc970307dd907c3c66f341166cfa33cb65ff72f25af5633b4952b1c01544b5a73ca3fef07ec81daa5bb95b0fc2e3f8162d3009be2cffbec7cd1178d04fa6976f53d10f2169a439acadbeb1e062da77bd807f3b697bf3599e90ffdc0be71584240f657fbcfa96a16a495f1c4ffd3bb3524716d75ee0cd49f4fd475bb9e5fa2dec0262c11e33bf7d8338fa84779458733735050df6d12c805195aeae35e4385eb8d13db3ef0711aba5364698f790fca97e00e5d08094ada1fd16f3ec84f48d038d21f0ca0be4e66910b51ad88db0a35f0f6a1eea72a83604b4e4d94edff56a41cff396111217f0dff94534137eec21169e870dd1ab4fbab0e78a18a12448648f2b1bfb9292a3df8097c250e59813051bb927195a12beb3ef9545e08fc19ab738c29e4350fda1ca4f8a96986eec5f2e406d50a610583263f1d08264b4de61d1c3c5589a4fd62d3e5c6ce8f234d3be8d3d769a2f461d72589c0af8456e3d75a7104ca2b90fa1a72a7d0f2cc3ab5ee1d1f64f634079eaadc4496173e3fd2f0ff1d7ed5aacafa095f20becbfee6070fa9018f648966cd1e88702bd8167df6b40fd70debc677a6f5f208221ac865848808a4b61f4798a8f07385d7ec95eeb568c10271edb1e8bce052889f5a4a02e5b1040cf13bd798bf1c297ccee029374d6fafeb12878bd57f967ca98fe69e5d4ba6ea9df0b7dfa53c9bcfe751e7cdaa5e1658c47dcdf081ea546ccc8c85456e5907ab19a6c408ecd4c97b2ab8642a763ac690106766ef893e21f7e4212c8535243c08ba0b48c8b58c79797a447532b2b3c7874a27f982668766b589f4af25bc6bf27013dade084cfdb6f3b4c446eec5ef0ef3b18fa1d9d3723adee95030e396bdb37a962864c25bb5a970a55b651de93b0a3a77922f36230e8b2bb6e952acee3c0130807f52d646adca054c9c90e38ceb01781ff6cc747c7d6862223b06c33583235b8aaf14df7c0f662b8cf231178823f5e04be5ad764268515b892a6ddd5aee8924f627e25a26d6c8b4f2d773cf06a04553e3cc1768e87bfa1302af5e8970b192f7e25f62d86a43915e81c3e9d181bc8f2bd52a04921d95adb6893ab5515c246de0efa58b2bf88a352e8c9dfbc40dbda2d8e4ecc5d0a8aa222f0d360911b35245fb8007095496b4c28243336ec072357be124ba44aadad70b86780e97b76aa076d9f13297d69d1a8211c40196393800f13b63c4999831763aaefc31e95548471f5fae4301367bff5e79d83daf38dfaf682706c00c99d135d14e694fc5eb0cae2eee414d9d903ba735ca49bf109efad45a1d6cd609f6d4a881afcb1a2cb331c8d3d4508899c1d554a3f123d1c05da70cde956055dba5d997810dfb7fbf6bcc77411445411ab415ec4496f2a168acb04beda6a3ccd1ad543036e972bed65ad7154946e347567e3507046b3edac6dc8025c06a04ce25da7f60369a819c8c4f550ac434e2f5729d3b0e09338e76d0a407c5e57052dc5674e7d9ddbdcde6e8fdaabec2aec91fc35d90c5d39efeed5f415e2201300d0892dfd32d306c122ad1cc0b192018d2dc99e9e776a6f3d860db421580f93b56be2219c1f1874f9e4946049240ac0ae128cc856cfaf26567605b608f0ed730c714338b759cf6429a04c2e55d1cb823324f89c2264bae4b92df81779fd43678163acf0317a15dbfbff8e4cc09ed456df84bdf55f38a9b35731209f2a33fbc8464f1616c3410338c4254b5571a5a8774bdc417365a83082769609da8a7d6b2b9a774773ec3a018fb80444e57e9b17b6e26f5a2175a1f35828503a16345d98e693cafbbd3fc9d6927a7459efb60a3804b1919ada2eae58bc28db2b314734bea0f1a8f6bb4068d69925dfb532b9390eadc9735367d4bb08dd09541b6ee9eef12a57be188abd98bd8d54e5d77d0f2f11ae48f70e0fd22658cb230fcfb53889b45f543d66fb77f952c302d8eb138668261e8e0e2e91ba3f62013ed9a0e54c1341890f6a6f9752f8f2aff9b71720fb2d40a5838d169ca3f381f3a7509c4351ad8fedddd76fa649932d2275a2a96eb1815ad27abae106d1e9ab321c055311ccdfa28a93191e310cc2e3998675d675139c29f6bc86528dd6b93890bcaf18d950783818e35ca5ee96c2cd172762e4ba957d6c5f3074405b3e5f86b61ba90e2492c43cfe8452feb76bfdbce019db1b7d22b19addef2d67191279f8f8df968a345073e39e0a0f5be873a6cf286414c1d808cb5602f51344481a14a245b34c6a8047680368da869e28aad8199008e6c9b8d04e835f6edd15fbdb2ddf717b0143af7f5b35b1fb2b54b5f5d58000d4ebc4c515d4dcf27eab674abc588c8baa6fe32b8fe4cf3b4c43656d0f481b4eefad598b81383e3e1b0ba04893a032d29ecfbb2d132b4051760cab03df76fa5316447d5d04f3af1d0b97760e1da4025aa87366cac6c115004e6cec7d25fa6e9526b0759c45c790509d1fe174f0bbe93a0f9c2bef76011f3677ffcf19e7962d5240f8cd6eab2bfa6b4ddbf8c84341a776451f7a6eb7e8e4fdc2dd7481c5543b72a599f5ceb3671b1c7332485df005b114213a6a45a12e89d12d05442a6a15a2cd1e1aebfbea08eb3f7a5b72b190a43935ce7def5c5573e6f07a4c8720722b946a49f821d91b5f2ef5d834a803daae3031e0330d0e166935172a6a8a45c5b1c059f5d4e0f9b9b76fe75385f583545e91a8dbf01d0bf9d475deab7566b7a382e1b26b5fa29c648e8288ae9fa", 0x1000, 0x7}, {&(0x7f0000002540)="b0c436a826285ec23865de1513d87c8763cba5c24c98958840c8d3a28322d52e609a5e6c943035a7282edf77067153", 0x2f, 0x81}, {&(0x7f0000002580)="cfe96bc87fb9d6ec795b1bf97409fcb0ca7347df36bd2e116bd171cb6a692b38e9c630d6999d4b2dd4c2f1c2b09c842ad82326b70742d28ee8e3be002bb6fa8a3e4467b70965787f8bbb29e65e1be3591735510d39f478a07af8dd1db1536678f831ae392b65f6c36e43c741221ce9c203a09745dcb5098a33884c9b1d31764ca97c57008d1b013481cb4ad584da358d6ec1401978e4a1d0ba03fcfa14724348173accfcebaafe07019317d9d4569f6af7e693a137705cdadd825d75fd77ae1efbd80cc55c8950ed5dfea0477f76d1f3cb8561231983e0b7cb3ec91edd1c152f22f618bc0d2b89", 0xe7, 0x2}], 0x0, &(0x7f0000002780)={[{@huge_always}, {@nr_inodes={'nr_inodes', 0x3d, [0x6b]}}, {@huge_never}, {@mpol={'mpol', 0x3d, {'default', '=static', @void}}}], [{@dont_hash}, {@dont_hash}, {@euid_lt={'euid<', 0xee00}}, {@context={'context', 0x3d, 'root'}}]})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3264.432916] syz-executor.3: attempt to access beyond end of device
[ 3264.432916] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.434883] Buffer I/O error on dev loop3, logical block 10, lost async page write
21:47:51 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190301000000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)

21:47:51 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 3264.484544] loop5: detected capacity change from 0 to 40
[ 3264.513871] loop2: detected capacity change from 0 to 40
[ 3264.515678] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=793 sclass=netlink_xfrm_socket pid=14172 comm=syz-executor.1
[ 3264.552011] syz-executor.4: attempt to access beyond end of device
[ 3264.552011] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.554241] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3264.624314] Process accounting resumed
[ 3264.624939] syz-executor.4: attempt to access beyond end of device
[ 3264.624939] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.626355] Buffer I/O error on dev loop4, logical block 10, lost async page write
[ 3264.638758] syz-executor.4: attempt to access beyond end of device
[ 3264.638758] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.640121] Buffer I/O error on dev loop4, logical block 10, lost async page write
21:47:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x0)
syz_open_dev$vcsn(0x0, 0xde, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

21:47:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fchmod(r0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000040)=0x8001)
syz_open_dev$vcsu(&(0x7f0000000180), 0x10000, 0x20200)

[ 3264.723750] loop4: detected capacity change from 0 to 40
[ 3264.732570] loop3: detected capacity change from 0 to 40
[ 3264.875128] syz-executor.7: attempt to access beyond end of device
[ 3264.875128] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.877903] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 3264.938373] Process accounting resumed
[ 3264.970781] syz-executor.3: attempt to access beyond end of device
[ 3264.970781] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 3264.972566] Buffer I/O error on dev loop3, logical block 10, lost async page write
[ 3265.578165] ==================================================================
[ 3265.578704] BUG: KASAN: use-after-free in __lock_acquire+0x42c9/0x5e70
[ 3265.579146] Read of size 8 at addr ffff8880189cad98 by task syz-executor/14180
[ 3265.579602] 
[ 3265.579716] CPU: 1 PID: 14180 Comm: syz-executor Not tainted 6.1.0-rc6-next-20221124 #1
[ 3265.580201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3265.580696] Call Trace:
[ 3265.580861]  <TASK>
[ 3265.581011]  dump_stack_lvl+0x8f/0xb7
[ 3265.581265]  print_report+0x175/0x478
[ 3265.581520]  ? __lock_acquire+0x42c9/0x5e70
[ 3265.581798]  kasan_report+0xbf/0x1c0
[ 3265.582044]  ? __lock_acquire+0x42c9/0x5e70
[ 3265.582322]  __lock_acquire+0x42c9/0x5e70
[ 3265.582591]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 3265.582890]  ? finish_task_switch.isra.0+0x22d/0x8a0
[ 3265.583212]  ? __pfx___lock_acquire+0x10/0x10
[ 3265.583516]  ? __switch_to+0x5c3/0xee0
[ 3265.583779]  lock_acquire+0x1a6/0x530
[ 3265.584027]  ? kmemleak_scan+0x1a0/0x1600
[ 3265.584297]  ? __pfx_lock_acquire+0x10/0x10
[ 3265.584579]  ? rcu_read_lock_sched_held+0x42/0x80
[ 3265.584895]  ? trace_rcu_dyntick+0x1a7/0x250
[ 3265.585185]  ? ct_nmi_exit+0x11d/0x1c0
[ 3265.585442]  _raw_spin_lock_irq+0x36/0x50
[ 3265.585715]  ? kmemleak_scan+0x1a0/0x1600
[ 3265.585981]  kmemleak_scan+0x1a0/0x1600
[ 3265.586237]  ? __pfx_kmemleak_scan+0x10/0x10
[ 3265.586521]  ? strncpy_from_user+0x107/0x500
[ 3265.586813]  kmemleak_write+0x574/0x680
[ 3265.587070]  ? __pfx_kmemleak_write+0x10/0x10
[ 3265.587366]  ? debugfs_file_get+0x1d2/0x450
[ 3265.587640]  ? __pfx_debugfs_file_get+0x10/0x10
[ 3265.587937]  full_proxy_write+0x121/0x190
[ 3265.588202]  vfs_write+0x358/0xe40
[ 3265.588441]  ? __pfx_full_proxy_write+0x10/0x10
[ 3265.588735]  ? __pfx_vfs_write+0x10/0x10
[ 3265.588998]  ? lock_release+0x3b6/0x750
[ 3265.589256]  ? syscall_enter_from_user_mode+0x1c/0x50
[ 3265.589579]  ? perf_trace_preemptirq_template+0xa6/0x420
[ 3265.589970]  ? __fget_light+0x212/0x280
[ 3265.590243]  ksys_write+0x12b/0x260
[ 3265.590498]  ? __pfx_ksys_write+0x10/0x10
[ 3265.590778]  ? syscall_enter_from_user_mode+0x21/0x50
[ 3265.591125]  ? syscall_enter_from_user_mode+0x21/0x50
[ 3265.591492]  do_syscall_64+0x3f/0x90
[ 3265.591751]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 3265.592100] RIP: 0033:0x7f2fd1fb55c3
[ 3265.592353] Code: 16 00 00 00 eb ae 90 b8 6e 00 00 00 eb a6 e8 44 ef 04 00 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[ 3265.597041] RSP: 002b:00007ffcc02635f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 3265.597577] RAX: ffffffffffffffda RBX: 00007ffcc0263c38 RCX: 00007f2fd1fb55c3
[ 3265.598075] RDX: 0000000000000004 RSI: 00007f2fd206bed9 RDI: 0000000000000003
[ 3265.598577] RBP: 0000000000000002 R08: 0000000000000cc1 R09: 00007ffcc0374080
[ 3265.599077] R10: 00007ffcc0374090 R11: 0000000000000246 R12: 00000000fffffff6
[ 3265.599593] R13: 00007ffcc0263ef1 R14: 0000000000000000 R15: 000000000031d1ef
[ 3265.600101]  </TASK>
[ 3265.600278] 
[ 3265.600403] Allocated by task 14165:
[ 3265.600756]  kasan_save_stack+0x22/0x50
[ 3265.601136]  kasan_set_track+0x25/0x30
[ 3265.601510]  __kasan_slab_alloc+0x5c/0x70
[ 3265.601903]  kmem_cache_alloc+0x1e0/0x410
[ 3265.602316]  __create_object+0x3d/0xc10
[ 3265.602697]  kmem_cache_alloc_lru+0x307/0x760
[ 3265.603144]  __d_alloc+0x31/0x9c0
[ 3265.603513]  d_alloc_parallel+0x10e/0x1530
[ 3265.603928]  lookup_open.isra.0+0x914/0x1250
[ 3265.604361]  path_openat+0x946/0x29b0
[ 3265.604731]  do_filp_open+0x1ba/0x410
[ 3265.605102]  do_sys_openat2+0x171/0x4c0
[ 3265.605477]  __x64_sys_openat+0x143/0x200
[ 3265.605877]  do_syscall_64+0x3f/0x90
[ 3265.606242]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 3265.606742] 
[ 3265.606907] Freed by task 13:
[ 3265.607208]  kasan_save_stack+0x22/0x50
[ 3265.607599]  kasan_set_track+0x25/0x30
[ 3265.607976]  kasan_save_free_info+0x2e/0x50
[ 3265.608402]  __kasan_slab_free+0x10a/0x190
[ 3265.608724]  kmem_cache_free+0xfb/0x610
[ 3265.609020]  rcu_core+0x7cf/0x2070
[ 3265.609290]  __do_softirq+0x1c7/0x8f9
[ 3265.609566] 
[ 3265.609688] Last potentially related work creation:
[ 3265.610011]  kasan_save_stack+0x22/0x50
[ 3265.610280]  __kasan_record_aux_stack+0x95/0xb0
[ 3265.610615]  __call_rcu_common.constprop.0+0x6a/0xa40
[ 3265.610971]  kmem_cache_free+0xc1/0x610
[ 3265.611248]  rcu_core+0x7cf/0x2070
[ 3265.611503]  __do_softirq+0x1c7/0x8f9
[ 3265.611760] 
[ 3265.611881] Second to last potentially related work creation:
[ 3265.612258]  kasan_save_stack+0x22/0x50
[ 3265.612527]  __kasan_record_aux_stack+0x95/0xb0
[ 3265.612852]  __call_rcu_common.constprop.0+0x6a/0xa40
[ 3265.613206]  kmem_cache_free+0xc1/0x610
[ 3265.613491]  kfree_skbmem+0xef/0x1b0
[ 3265.613762]  kfree_skb_reason+0x147/0x3e0
[ 3265.614046]  ieee80211_iface_work+0x353/0xc90
[ 3265.614359]  process_one_work+0xa17/0x16a0
[ 3265.614658]  worker_thread+0x63b/0x1260
[ 3265.614933]  kthread+0x2f1/0x3a0
[ 3265.615170]  ret_from_fork+0x2c/0x50
[ 3265.615441] 
[ 3265.615562] The buggy address belongs to the object at ffff8880189cad80
[ 3265.615562]  which belongs to the cache kmemleak_object of size 368
[ 3265.616408] The buggy address is located 24 bytes inside of
[ 3265.616408]  368-byte region [ffff8880189cad80, ffff8880189caef0)
[ 3265.617210] 
[ 3265.617338] The buggy address belongs to the physical page:
[ 3265.617727] page:00000000a12a531b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x189ca
[ 3265.618374] head:00000000a12a531b order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[ 3265.619018] anon flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 3265.619482] raw: 0100000000010200 ffff88800844f780 0000000000000000 dead000000000001
[ 3265.620024] raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000
[ 3265.620573] page dumped because: kasan: bad access detected
[ 3265.620956] 
[ 3265.621080] Memory state around the buggy address:
[ 3265.621423]  ffff8880189cac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3265.621925]  ffff8880189cad00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3265.622423] >ffff8880189cad80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3265.622939]                             ^
[ 3265.623232]  ffff8880189cae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3265.623747]  ffff8880189cae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 3265.624243] ==================================================================
[ 3265.624741] Disabling lock debugging due to kernel taint

VM DIAGNOSIS:
21:47:52  Registers:
info registers vcpu 0
RAX=ffffffff8440cda0 RBX=ffffffff85432940 RCX=ffffffff843ed792 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffffff85407e20
R8 =0000000000000001 R9 =ffff88806ce34f03 R10=ffffed100d9c69e0 R11=0000000000000001
R12=fffffbfff0a86528 R13=ffffffff85d11910 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff8440cdaf RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe1e3a150000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe1e3a14e000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055ebd4d70658 CR3=0000000043c9e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffff0000000c000055ebd4cf95d0
XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973
XMM04=3d5347415400333d524f4e494d00373d XMM05=455a494c414954494e495f4345535500
XMM06=534b534944006b7369643d4550595456 XMM07=414e564544006b636f6c623d4d455453
XMM08=49006d756e203c2069000a313a56000a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8247d2c5 RDI=ffffffff87fbaae0 RBP=ffffffff87fbaaa0 RSP=ffff888045e87108
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000038 R11=0000000000000001
R12=0000000000000038 R13=ffffffff87fbaaa0 R14=0000000000000010 R15=ffffffff8247d2b0
RIP=ffffffff8247d31d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555725b400 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe16f7e57000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe16f7e55000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f6076d33ae0 CR3=0000000019110000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=0055ebd4038eec00007fff00323a3762
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=ffffffffffff0000ffffffff0000ff00
XMM06=000000000000654c000000006801000a XMM07=00000000000000000000000000000000
XMM08=0055ebd4038eec00007fff00323a3762 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000