x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:06:28 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:06:28 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1384.946887] loop1: detected capacity change from 0 to 40 [ 1384.958606] loop2: detected capacity change from 0 to 40 [ 1384.981393] loop4: detected capacity change from 0 to 40 [ 1384.988190] loop6: detected capacity change from 0 to 40 [ 1385.114085] syz-executor.6: attempt to access beyond end of device [ 1385.114085] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1385.115894] Buffer I/O error on dev loop6, logical block 10, lost async page write 10:06:29 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1385.298828] syz-executor.1: attempt to access beyond end of device [ 1385.298828] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1385.300545] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1385.377412] loop6: detected capacity change from 0 to 40 [ 1385.445205] syz-executor.6: attempt to access beyond end of device [ 1385.445205] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1385.446129] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 1385.449631] syz-executor.2: attempt to access beyond end of device [ 1385.449631] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1385.450907] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1385.549618] syz-executor.4: attempt to access beyond end of device [ 1385.549618] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1385.553185] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:06:44 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:06:44 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:06:44 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:06:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:06:44 executing program 5: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) 10:06:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:06:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:06:44 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1400.280289] loop1: detected capacity change from 0 to 40 [ 1400.283996] loop2: detected capacity change from 0 to 40 [ 1400.305743] loop4: detected capacity change from 0 to 40 [ 1400.343339] loop6: detected capacity change from 0 to 40 [ 1400.458173] syz-executor.6: attempt to access beyond end of device [ 1400.458173] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.459982] Buffer I/O error on dev loop6, logical block 10, lost async page write 10:06:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1400.581803] syz-executor.2: attempt to access beyond end of device [ 1400.581803] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.583254] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1400.633397] syz-executor.1: attempt to access beyond end of device [ 1400.633397] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.634645] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1400.664452] loop6: detected capacity change from 0 to 40 10:06:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1400.720937] loop2: detected capacity change from 0 to 40 [ 1400.725418] syz-executor.6: attempt to access beyond end of device [ 1400.725418] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.726329] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 1400.788971] syz-executor.4: attempt to access beyond end of device [ 1400.788971] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.790812] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:06:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1400.872779] loop6: detected capacity change from 0 to 40 10:06:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:06:44 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1400.924524] syz-executor.6: attempt to access beyond end of device [ 1400.924524] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.925384] Buffer I/O error on dev loop6, logical block 10, lost async page write 10:06:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1400.995459] syz-executor.2: attempt to access beyond end of device [ 1400.995459] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1400.997413] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:06:45 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1401.027147] loop4: detected capacity change from 0 to 40 10:06:45 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:06:45 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1401.104533] loop6: detected capacity change from 0 to 40 10:06:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1401.210750] loop2: detected capacity change from 0 to 40 10:06:45 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1401.288529] syz-executor.2: attempt to access beyond end of device [ 1401.288529] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1401.289438] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1401.310292] loop6: detected capacity change from 0 to 40 10:06:45 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1) [ 1401.332761] syz-executor.4: attempt to access beyond end of device [ 1401.332761] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1401.334094] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1401.372474] loop5: detected capacity change from 0 to 40 [ 1401.389805] FAULT_INJECTION: forcing a failure. [ 1401.389805] name failslab, interval 1, probability 0, space 0, times 1 [ 1401.390730] CPU: 0 PID: 7863 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1401.391285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1401.391850] Call Trace: [ 1401.392034] [ 1401.392199] dump_stack_lvl+0x8f/0xb7 [ 1401.392483] should_fail_ex.cold+0x5/0xa [ 1401.392776] should_failslab+0x9/0x20 [ 1401.393051] __kmem_cache_alloc_node+0x5b/0x400 [ 1401.393378] ? alloc_pipe_info+0x109/0x590 [ 1401.393695] kmalloc_trace+0x26/0x60 [ 1401.393980] alloc_pipe_info+0x109/0x590 [ 1401.394281] splice_direct_to_actor+0x6e6/0x8c0 [ 1401.394622] ? __pfx_direct_splice_actor+0x10/0x10 [ 1401.394974] ? inode_security+0x105/0x140 [ 1401.395269] ? avc_policy_seqno+0xd/0x70 [ 1401.395555] ? selinux_file_permission+0x3a/0x510 [ 1401.395896] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1401.396268] ? security_file_permission+0xb5/0xe0 [ 1401.396629] do_splice_direct+0x1bc/0x290 [ 1401.396934] ? __pfx_do_splice_direct+0x10/0x10 [ 1401.397285] ? lock_is_held_type+0xdb/0x130 [ 1401.397601] do_sendfile+0xb1d/0x1280 [ 1401.397888] ? __pfx_do_sendfile+0x10/0x10 [ 1401.398205] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1401.398565] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1401.398952] __x64_sys_sendfile64+0x248/0x2a0 [ 1401.399280] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1401.399640] ? syscall_enter_from_user_mode+0x21/0x50 [ 1401.400003] ? syscall_enter_from_user_mode+0x21/0x50 [ 1401.400367] do_syscall_64+0x3f/0x90 [ 1401.400639] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1401.401018] RIP: 0033:0x7f19d5d86b19 [ 1401.401284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1401.402525] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1401.403060] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1401.403562] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1401.404077] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1401.404577] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1401.405075] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1401.405597] 10:06:45 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:06:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1401.500226] loop2: detected capacity change from 0 to 40 [ 1401.511458] loop6: detected capacity change from 0 to 40 10:06:58 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1414.617924] loop4: detected capacity change from 0 to 40 10:06:58 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(0xffffffffffffffff, r1, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef) 10:06:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1) 10:06:58 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:06:58 executing program 7: openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r0 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:06:58 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:06:58 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:06:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2) [ 1414.674810] loop6: detected capacity change from 0 to 40 [ 1414.701387] loop5: detected capacity change from 0 to 40 [ 1414.707021] loop1: detected capacity change from 0 to 40 [ 1414.776283] FAULT_INJECTION: forcing a failure. [ 1414.776283] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.777815] CPU: 0 PID: 7889 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1414.778872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1414.779899] Call Trace: [ 1414.780240] [ 1414.780547] dump_stack_lvl+0x8f/0xb7 [ 1414.781067] should_fail_ex.cold+0x5/0xa [ 1414.781610] should_failslab+0x9/0x20 [ 1414.782126] __kmem_cache_alloc_node+0x5b/0x400 [ 1414.782739] ? alloc_pipe_info+0x109/0x590 [ 1414.783313] kmalloc_trace+0x26/0x60 [ 1414.783816] alloc_pipe_info+0x109/0x590 [ 1414.784359] splice_direct_to_actor+0x6e6/0x8c0 [ 1414.784999] ? __pfx_direct_splice_actor+0x10/0x10 [ 1414.785652] ? inode_security+0x105/0x140 [ 1414.786231] ? avc_policy_seqno+0xd/0x70 [ 1414.786770] ? selinux_file_permission+0x3a/0x510 [ 1414.787418] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1414.788125] ? security_file_permission+0xb5/0xe0 [ 1414.788797] do_splice_direct+0x1bc/0x290 [ 1414.789384] ? __pfx_do_splice_direct+0x10/0x10 [ 1414.790036] ? lock_is_held_type+0xdb/0x130 [ 1414.790635] do_sendfile+0xb1d/0x1280 [ 1414.791193] ? __pfx_do_sendfile+0x10/0x10 [ 1414.791782] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1414.792480] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1414.793222] __x64_sys_sendfile64+0x248/0x2a0 [ 1414.793840] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1414.794544] ? syscall_enter_from_user_mode+0x21/0x50 [ 1414.795227] ? syscall_enter_from_user_mode+0x21/0x50 [ 1414.795931] do_syscall_64+0x3f/0x90 [ 1414.796441] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1414.797131] RIP: 0033:0x7f7c47a26b19 [ 1414.797636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.799940] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1414.800938] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1414.801855] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1414.802801] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.803719] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1414.804636] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1414.805604] [ 1414.843750] syz-executor.4: attempt to access beyond end of device [ 1414.843750] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1414.845432] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1414.879325] syz-executor.5: attempt to access beyond end of device [ 1414.879325] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1414.880932] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:07:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2) 10:07:16 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:16 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:07:16 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:07:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 3) 10:07:16 executing program 7: openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r0 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:07:16 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(0xffffffffffffffff, r1, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef) [ 1432.167668] loop6: detected capacity change from 0 to 40 [ 1432.171337] loop2: detected capacity change from 0 to 40 [ 1432.188081] loop5: detected capacity change from 0 to 40 [ 1432.212468] loop4: detected capacity change from 0 to 40 [ 1432.215488] loop1: detected capacity change from 0 to 40 [ 1432.229104] FAULT_INJECTION: forcing a failure. [ 1432.229104] name failslab, interval 1, probability 0, space 0, times 0 [ 1432.229834] CPU: 0 PID: 7915 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1432.230367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1432.230901] Call Trace: [ 1432.231083] [ 1432.231243] dump_stack_lvl+0x8f/0xb7 [ 1432.231524] should_fail_ex.cold+0x5/0xa [ 1432.231807] should_failslab+0x9/0x20 [ 1432.232076] __kmem_cache_alloc_node+0x5b/0x400 [ 1432.232388] ? alloc_pipe_info+0x1e4/0x590 [ 1432.232694] ? alloc_pipe_info+0x1e4/0x590 [ 1432.232992] __kmalloc+0x46/0xc0 [ 1432.233232] alloc_pipe_info+0x1e4/0x590 [ 1432.233522] splice_direct_to_actor+0x6e6/0x8c0 [ 1432.233854] ? __pfx_direct_splice_actor+0x10/0x10 [ 1432.234194] ? inode_security+0x105/0x140 [ 1432.234505] ? avc_policy_seqno+0xd/0x70 [ 1432.234786] ? selinux_file_permission+0x3a/0x510 [ 1432.235118] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1432.235479] ? security_file_permission+0xb5/0xe0 [ 1432.235831] do_splice_direct+0x1bc/0x290 [ 1432.236129] ? __pfx_do_splice_direct+0x10/0x10 [ 1432.236470] ? lock_is_held_type+0xdb/0x130 [ 1432.236775] do_sendfile+0xb1d/0x1280 [ 1432.237054] ? __pfx_do_sendfile+0x10/0x10 [ 1432.237354] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1432.237724] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1432.238105] __x64_sys_sendfile64+0x248/0x2a0 [ 1432.238438] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1432.238791] ? syscall_enter_from_user_mode+0x21/0x50 [ 1432.239146] ? syscall_enter_from_user_mode+0x21/0x50 [ 1432.239503] do_syscall_64+0x3f/0x90 [ 1432.239775] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1432.240149] RIP: 0033:0x7f19d5d86b19 [ 1432.240420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1432.241661] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1432.242196] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1432.242705] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1432.243228] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1432.243744] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1432.244244] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1432.244761] 10:07:16 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(0xffffffffffffffff, r1, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef) [ 1432.382825] syz-executor.1: attempt to access beyond end of device [ 1432.382825] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1432.384535] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:07:16 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 4) 10:07:16 executing program 7: openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r0 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1432.526534] loop6: detected capacity change from 0 to 40 [ 1432.538576] syz-executor.2: attempt to access beyond end of device [ 1432.538576] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1432.540057] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:07:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 3) 10:07:16 executing program 2: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1432.649556] loop5: detected capacity change from 0 to 40 10:07:16 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:16 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1432.866047] syz-executor.5: attempt to access beyond end of device [ 1432.866047] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1432.867826] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1432.911518] loop1: detected capacity change from 0 to 40 [ 1433.009145] FAULT_INJECTION: forcing a failure. [ 1433.009145] name failslab, interval 1, probability 0, space 0, times 0 [ 1433.010798] CPU: 1 PID: 7940 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1433.011946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.013098] Call Trace: [ 1433.013485] [ 1433.013830] dump_stack_lvl+0x8f/0xb7 [ 1433.014425] should_fail_ex.cold+0x5/0xa [ 1433.015044] should_failslab+0x9/0x20 [ 1433.015617] __kmem_cache_alloc_node+0x5b/0x400 [ 1433.016299] ? alloc_pipe_info+0x1e4/0x590 [ 1433.016949] ? alloc_pipe_info+0x1e4/0x590 [ 1433.017583] __kmalloc+0x46/0xc0 [ 1433.018099] alloc_pipe_info+0x1e4/0x590 [ 1433.018741] splice_direct_to_actor+0x6e6/0x8c0 [ 1433.019443] ? __pfx_direct_splice_actor+0x10/0x10 [ 1433.020158] ? inode_security+0x105/0x140 [ 1433.020761] ? avc_policy_seqno+0xd/0x70 [ 1433.021349] ? selinux_file_permission+0x3a/0x510 [ 1433.022044] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1433.022804] ? security_file_permission+0xb5/0xe0 [ 1433.023543] do_splice_direct+0x1bc/0x290 [ 1433.024179] ? __pfx_do_splice_direct+0x10/0x10 [ 1433.024895] ? lock_is_held_type+0xdb/0x130 [ 1433.025530] do_sendfile+0xb1d/0x1280 [ 1433.026122] ? __pfx_do_sendfile+0x10/0x10 [ 1433.026751] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1433.027493] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1433.028321] __x64_sys_sendfile64+0x248/0x2a0 [ 1433.029089] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1433.029473] ? syscall_enter_from_user_mode+0x21/0x50 [ 1433.029853] ? syscall_enter_from_user_mode+0x21/0x50 [ 1433.030241] do_syscall_64+0x3f/0x90 [ 1433.030553] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1433.030935] RIP: 0033:0x7f7c47a26b19 [ 1433.031211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.032502] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1433.033047] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1433.033560] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1433.034063] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.034574] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1433.035089] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1433.035625] 10:07:17 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 5) [ 1433.067394] loop6: detected capacity change from 0 to 40 [ 1433.125602] loop5: detected capacity change from 0 to 40 [ 1433.149789] FAULT_INJECTION: forcing a failure. [ 1433.149789] name failslab, interval 1, probability 0, space 0, times 0 [ 1433.150638] CPU: 1 PID: 7949 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1433.151182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.151713] Call Trace: [ 1433.151895] [ 1433.152056] dump_stack_lvl+0x8f/0xb7 [ 1433.152331] should_fail_ex.cold+0x5/0xa [ 1433.152620] should_failslab+0x9/0x20 [ 1433.152882] __kmem_cache_alloc_node+0x5b/0x400 [ 1433.153201] ? iter_file_splice_write+0x169/0xcb0 [ 1433.153549] ? iter_file_splice_write+0x169/0xcb0 [ 1433.153889] __kmalloc+0x46/0xc0 [ 1433.154133] iter_file_splice_write+0x169/0xcb0 [ 1433.154498] ? generic_file_splice_read+0x1bc/0x4d0 [ 1433.154856] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1433.155237] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1433.155608] ? inode_security+0x105/0x140 [ 1433.155915] ? security_file_permission+0xb5/0xe0 [ 1433.156264] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1433.156627] direct_splice_actor+0x113/0x180 [ 1433.156948] splice_direct_to_actor+0x33a/0x8c0 [ 1433.157276] ? __pfx_direct_splice_actor+0x10/0x10 [ 1433.157640] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1433.158004] ? security_file_permission+0xb5/0xe0 [ 1433.158360] do_splice_direct+0x1bc/0x290 [ 1433.158671] ? __pfx_do_splice_direct+0x10/0x10 [ 1433.159030] ? lock_is_held_type+0xdb/0x130 [ 1433.159349] do_sendfile+0xb1d/0x1280 [ 1433.159643] ? __pfx_do_sendfile+0x10/0x10 [ 1433.159954] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1433.160324] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1433.160719] __x64_sys_sendfile64+0x248/0x2a0 [ 1433.161057] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1433.161428] ? syscall_enter_from_user_mode+0x21/0x50 [ 1433.161783] ? syscall_enter_from_user_mode+0x21/0x50 [ 1433.162158] do_syscall_64+0x3f/0x90 [ 1433.162435] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1433.162803] RIP: 0033:0x7f19d5d86b19 [ 1433.163059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.164303] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1433.164840] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1433.165340] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1433.165834] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.166328] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1433.166840] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1433.167355] 10:07:17 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1433.222462] syz-executor.6: attempt to access beyond end of device [ 1433.222462] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1433.224371] Buffer I/O error on dev loop6, logical block 10, lost async page write 10:07:32 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 6) 10:07:32 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1448.116423] loop5: detected capacity change from 0 to 40 10:07:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1) 10:07:32 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:32 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:07:32 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:07:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 4) [ 1448.120534] loop4: detected capacity change from 0 to 40 [ 1448.135232] loop2: detected capacity change from 0 to 40 [ 1448.176798] FAULT_INJECTION: forcing a failure. [ 1448.176798] name failslab, interval 1, probability 0, space 0, times 0 [ 1448.177671] CPU: 1 PID: 7971 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1448.178256] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1448.178842] Call Trace: [ 1448.179046] [ 1448.179214] dump_stack_lvl+0x8f/0xb7 [ 1448.179494] should_fail_ex.cold+0x5/0xa [ 1448.179630] loop6: detected capacity change from 0 to 40 [ 1448.179782] should_failslab+0x9/0x20 [ 1448.180745] __kmem_cache_alloc_node+0x5b/0x400 [ 1448.181072] ? alloc_pipe_info+0x109/0x590 [ 1448.181378] kmalloc_trace+0x26/0x60 [ 1448.181643] alloc_pipe_info+0x109/0x590 [ 1448.181933] splice_direct_to_actor+0x6e6/0x8c0 [ 1448.182264] ? __pfx_direct_splice_actor+0x10/0x10 [ 1448.182621] ? inode_security+0x105/0x140 [ 1448.182917] ? avc_policy_seqno+0xd/0x70 [ 1448.183200] ? selinux_file_permission+0x3a/0x510 [ 1448.183532] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1448.183898] ? security_file_permission+0xb5/0xe0 [ 1448.184278] do_splice_direct+0x1bc/0x290 [ 1448.184402] loop1: detected capacity change from 0 to 40 [ 1448.184568] ? __pfx_do_splice_direct+0x10/0x10 [ 1448.185579] ? lock_is_held_type+0xdb/0x130 [ 1448.185909] do_sendfile+0xb1d/0x1280 [ 1448.186195] ? __pfx_do_sendfile+0x10/0x10 [ 1448.186512] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1448.186916] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1448.187323] __x64_sys_sendfile64+0x248/0x2a0 [ 1448.187651] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1448.188018] ? syscall_enter_from_user_mode+0x21/0x50 [ 1448.188396] ? syscall_enter_from_user_mode+0x21/0x50 [ 1448.188790] do_syscall_64+0x3f/0x90 [ 1448.189080] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1448.189452] RIP: 0033:0x7fbf3819db19 [ 1448.189729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1448.190991] RSP: 002b:00007fbf35713188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1448.191502] RAX: ffffffffffffffda RBX: 00007fbf382b0f60 RCX: 00007fbf3819db19 [ 1448.191982] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1448.192454] RBP: 00007fbf357131d0 R08: 0000000000000000 R09: 0000000000000000 [ 1448.192928] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1448.193406] R13: 00007ffce4e34e8f R14: 00007fbf35713300 R15: 0000000000022000 [ 1448.193908] [ 1448.311622] syz-executor.5: attempt to access beyond end of device [ 1448.311622] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.313381] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1448.324350] syz-executor.1: attempt to access beyond end of device [ 1448.324350] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.325947] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1448.329731] syz-executor.6: attempt to access beyond end of device [ 1448.329731] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.331440] Buffer I/O error on dev loop6, logical block 10, lost async page write 10:07:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2) 10:07:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 7) [ 1448.406354] syz-executor.4: attempt to access beyond end of device [ 1448.406354] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.408237] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1448.433939] loop2: detected capacity change from 0 to 40 10:07:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 5) 10:07:32 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:32 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1448.471828] loop5: detected capacity change from 0 to 40 10:07:32 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r0, r1, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef) [ 1448.508593] syz-executor.2: attempt to access beyond end of device [ 1448.508593] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.509543] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1448.556397] syz-executor.5: attempt to access beyond end of device [ 1448.556397] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.557294] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:07:32 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 3) 10:07:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 8) [ 1448.635346] loop1: detected capacity change from 0 to 40 [ 1448.643367] loop6: detected capacity change from 0 to 40 10:07:32 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1448.689650] loop2: detected capacity change from 0 to 40 [ 1448.702113] FAULT_INJECTION: forcing a failure. [ 1448.702113] name failslab, interval 1, probability 0, space 0, times 0 [ 1448.703834] CPU: 0 PID: 7997 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1448.704884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1448.705916] Call Trace: [ 1448.706250] [ 1448.706558] dump_stack_lvl+0x8f/0xb7 [ 1448.707113] should_fail_ex.cold+0x5/0xa [ 1448.707655] should_failslab+0x9/0x20 [ 1448.708175] __kmem_cache_alloc_node+0x5b/0x400 [ 1448.708787] ? iter_file_splice_write+0x169/0xcb0 [ 1448.709446] ? iter_file_splice_write+0x169/0xcb0 [ 1448.710087] __kmalloc+0x46/0xc0 [ 1448.710569] iter_file_splice_write+0x169/0xcb0 [ 1448.711227] ? generic_file_splice_read+0x1bc/0x4d0 [ 1448.711923] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1448.712600] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1448.713347] ? inode_security+0x105/0x140 [ 1448.713943] ? security_file_permission+0xb5/0xe0 [ 1448.714018] loop5: detected capacity change from 0 to 40 [ 1448.714624] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1448.715709] direct_splice_actor+0x113/0x180 [ 1448.716335] splice_direct_to_actor+0x33a/0x8c0 [ 1448.716993] ? __pfx_direct_splice_actor+0x10/0x10 [ 1448.717683] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1448.718402] ? security_file_permission+0xb5/0xe0 [ 1448.719123] do_splice_direct+0x1bc/0x290 [ 1448.719686] ? __pfx_do_splice_direct+0x10/0x10 [ 1448.720363] ? lock_is_held_type+0xdb/0x130 [ 1448.720969] do_sendfile+0xb1d/0x1280 [ 1448.721509] ? __pfx_do_sendfile+0x10/0x10 [ 1448.722100] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1448.722832] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1448.723135] loop4: detected capacity change from 0 to 40 [ 1448.723564] __x64_sys_sendfile64+0x248/0x2a0 [ 1448.724515] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1448.725206] ? syscall_enter_from_user_mode+0x21/0x50 [ 1448.725899] ? syscall_enter_from_user_mode+0x21/0x50 [ 1448.726605] do_syscall_64+0x3f/0x90 [ 1448.727151] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1448.727855] RIP: 0033:0x7f7c47a26b19 [ 1448.728350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1448.730662] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1448.731653] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1448.732599] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1448.733520] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1448.734434] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1448.735395] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1448.736371] [ 1448.762129] FAULT_INJECTION: forcing a failure. [ 1448.762129] name failslab, interval 1, probability 0, space 0, times 0 [ 1448.762959] CPU: 1 PID: 8002 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1448.763517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1448.764091] Call Trace: [ 1448.764284] [ 1448.764454] dump_stack_lvl+0x8f/0xb7 [ 1448.764749] should_fail_ex.cold+0x5/0xa [ 1448.765055] should_failslab+0x9/0x20 [ 1448.765338] __kmem_cache_alloc_node+0x5b/0x400 [ 1448.765673] ? alloc_pipe_info+0x1e4/0x590 [ 1448.765991] ? alloc_pipe_info+0x1e4/0x590 [ 1448.766305] __kmalloc+0x46/0xc0 [ 1448.766571] alloc_pipe_info+0x1e4/0x590 [ 1448.766883] splice_direct_to_actor+0x6e6/0x8c0 [ 1448.767235] ? __pfx_direct_splice_actor+0x10/0x10 [ 1448.767587] ? inode_security+0x105/0x140 [ 1448.767893] ? avc_policy_seqno+0xd/0x70 [ 1448.768184] ? selinux_file_permission+0x3a/0x510 [ 1448.768533] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1448.768907] ? security_file_permission+0xb5/0xe0 [ 1448.769279] do_splice_direct+0x1bc/0x290 [ 1448.769590] ? __pfx_do_splice_direct+0x10/0x10 [ 1448.769940] ? lock_is_held_type+0xdb/0x130 [ 1448.770269] do_sendfile+0xb1d/0x1280 [ 1448.770574] ? __pfx_do_sendfile+0x10/0x10 [ 1448.770887] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1448.771254] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1448.771652] __x64_sys_sendfile64+0x248/0x2a0 [ 1448.771990] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1448.772352] ? syscall_enter_from_user_mode+0x21/0x50 [ 1448.772700] ? syscall_enter_from_user_mode+0x21/0x50 [ 1448.773076] do_syscall_64+0x3f/0x90 [ 1448.773339] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1448.773710] RIP: 0033:0x7fbf3819db19 [ 1448.773972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1448.775241] RSP: 002b:00007fbf35713188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1448.775783] RAX: ffffffffffffffda RBX: 00007fbf382b0f60 RCX: 00007fbf3819db19 [ 1448.776283] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1448.776781] RBP: 00007fbf357131d0 R08: 0000000000000000 R09: 0000000000000000 [ 1448.777276] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1448.777771] R13: 00007ffce4e34e8f R14: 00007fbf35713300 R15: 0000000000022000 [ 1448.778279] [ 1448.816726] syz-executor.5: attempt to access beyond end of device [ 1448.816726] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1448.817571] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:07:32 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r0, r1, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef) 10:07:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 9) 10:07:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 4) 10:07:32 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1448.961691] loop5: detected capacity change from 0 to 40 10:07:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 6) [ 1449.034731] loop6: detected capacity change from 0 to 40 [ 1449.070485] syz-executor.5: attempt to access beyond end of device [ 1449.070485] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1449.071394] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1449.149422] loop1: detected capacity change from 0 to 40 10:07:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 10) [ 1449.213411] FAULT_INJECTION: forcing a failure. [ 1449.213411] name failslab, interval 1, probability 0, space 0, times 0 [ 1449.214485] CPU: 1 PID: 8019 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1449.215058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1449.215589] Call Trace: [ 1449.215767] [ 1449.215924] dump_stack_lvl+0x8f/0xb7 [ 1449.216196] should_fail_ex.cold+0x5/0xa [ 1449.216479] should_failslab+0x9/0x20 [ 1449.216750] __kmem_cache_alloc_node+0x5b/0x400 [ 1449.217066] ? iter_file_splice_write+0x169/0xcb0 [ 1449.217407] ? iter_file_splice_write+0x169/0xcb0 [ 1449.217744] __kmalloc+0x46/0xc0 [ 1449.217990] iter_file_splice_write+0x169/0xcb0 [ 1449.218325] ? generic_file_splice_read+0x1bc/0x4d0 [ 1449.218678] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1449.219033] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1449.219401] ? inode_security+0x105/0x140 [ 1449.219701] ? security_file_permission+0xb5/0xe0 [ 1449.220044] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1449.220403] direct_splice_actor+0x113/0x180 [ 1449.220722] splice_direct_to_actor+0x33a/0x8c0 [ 1449.221051] ? __pfx_direct_splice_actor+0x10/0x10 [ 1449.221400] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1449.221753] ? security_file_permission+0xb5/0xe0 [ 1449.222106] do_splice_direct+0x1bc/0x290 [ 1449.222399] ? __pfx_do_splice_direct+0x10/0x10 [ 1449.222754] ? lock_is_held_type+0xdb/0x130 [ 1449.223063] do_sendfile+0xb1d/0x1280 [ 1449.223350] ? __pfx_do_sendfile+0x10/0x10 [ 1449.223659] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1449.224023] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1449.224413] __x64_sys_sendfile64+0x248/0x2a0 [ 1449.224739] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1449.225097] ? syscall_enter_from_user_mode+0x21/0x50 [ 1449.225461] ? syscall_enter_from_user_mode+0x21/0x50 [ 1449.225839] do_syscall_64+0x3f/0x90 [ 1449.226115] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1449.226485] RIP: 0033:0x7f7c47a26b19 [ 1449.226764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1449.227989] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1449.228511] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1449.229002] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1449.229490] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1449.229987] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001 [ 1449.230484] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1449.231003] [ 1449.237471] syz-executor.4: attempt to access beyond end of device [ 1449.237471] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1449.239449] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1449.297424] loop5: detected capacity change from 0 to 40 [ 1449.393240] syz-executor.5: attempt to access beyond end of device [ 1449.393240] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1449.395613] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:07:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1464.671079] loop2: detected capacity change from 0 to 40 [ 1464.696698] loop6: detected capacity change from 0 to 40 [ 1464.698099] loop1: detected capacity change from 0 to 40 [ 1464.698956] loop5: detected capacity change from 0 to 40 10:07:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 11) 10:07:48 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:07:48 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:07:48 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r0, r1, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef) 10:07:48 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:48 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:07:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 7) [ 1464.767213] loop4: detected capacity change from 0 to 40 [ 1464.794817] syz-executor.1: attempt to access beyond end of device [ 1464.794817] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1464.795721] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1464.816332] syz-executor.2: attempt to access beyond end of device [ 1464.816332] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1464.818162] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1464.902336] syz-executor.5: attempt to access beyond end of device [ 1464.902336] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1464.904247] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1465.076553] syz-executor.4: attempt to access beyond end of device [ 1465.076553] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1465.077874] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:08:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0xff, 0x40) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x400, 0x120) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) 10:08:03 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:03 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:03 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:03 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 12) 10:08:03 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:03 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:08:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 8) [ 1479.408496] loop2: detected capacity change from 0 to 40 [ 1479.437738] loop5: detected capacity change from 0 to 40 [ 1479.464286] loop6: detected capacity change from 0 to 40 [ 1479.483268] loop4: detected capacity change from 0 to 40 [ 1479.492382] loop1: detected capacity change from 0 to 40 [ 1479.505531] syz-executor.5: attempt to access beyond end of device [ 1479.505531] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1479.506491] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:08:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280), 0x105400, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r2, {r1}}, './file0\x00'}) write$vga_arbiter(r3, &(0x7f00000012c0)=@target={'target ', {'PCI:', '2', ':', '16', ':', 'a', '.', '1'}}, 0x14) ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, &(0x7f00000002c0)={{r0}, "34eb891b32f7fd70106944b286efde1bebffa846c8dd4b21bbbbd22ec2f764d182baa1e715ed95b18b9145719b14b3bcf0a01bd017bd9a1bae576c8cec0becfb5ca471e2503344b241546f8323c279c03fab69b72ca11eb942e364b35bba7c98760dcf181264706a2471039f42d5c5b93e8a510df7a3921a5298a1e4cd64d5c0059803d8d7f2401a906f914249e8bbdda00cf842ef59864c16edc0c510f6aaf3013bf2a02f22c3c2ddad42d52c33302c218d1f194c7326d1f2233cabb08a9dedc97d8430c11b9bf95226add0ac185edaa4dbdf73117f2f12942f5d6e256caca54036ce0561235dff6ab4ea8cc0deb8a66bed68f06bda9dbc60020be1abbaca545a5734a946e5517e4247a0ffe983bf1a0d4e53b7d67f3ebf1635279b83d91d3acb22165328e13b8c2e0c8ee573f05b2dd9a943f3c3b390b1d93effeb5356c5b51e7b52a003ede5db04b169a846eb0b123c064999fe038eccfce569c3c0e4bcdcfd7405df1b6ed12311bfb63926d81aa66e435ecc4d60a8b152305a554d67a420f026a8bcab6db9728ff79b7d0963eeb295486c8d48bc9736980118912b09d2b09d066ce42d9f0bf9fe6659f6f4c5f37baaf61eb85ec2cf6837d551e18f8264d83488a17d133574db0647861a8791c3d8fd8b31aa60b52b3200966799c31c705547882582d597c0c05407dea23ccf369f77c86ae826b9fa4e1930d674c8befb64d69e8aa659abe873fc349320d4d0a0f5164df260a92716cda89c7fbc06514dec8a7e51b1e94855d54334cea28d185db8fc625c453de4775218795945884fd73bd16fe8258ae99075f44a7e4f056dc2bda95bf9e3b900352ce92d73b0eb78b53ffec5227c91fc739e364098efb29e00a8dca6bbcdbc67908cdee4ee79318aa99d61102a73b9e212344297a1f66a002495c00bf7c079458967c9fc848889f55f4a56062abdc08d6fd88a08843c54a5ca115c07bd98854b584ddc631ab5b1705d6a887a0e301cce2cf3da3a7593b6553ca36386969820a650c774a82b547e5c52c9710164089ca0cfbba291d9b1817ff9106140ca15db5be4d6ad15ccee99e7c238db6968990aea7bd7fb5c0502a7f8eb1df2f6b7d61a7f7ddb9638e044ab72bd69739b7eb37b442069f3566c2cd4652bf1c869f16331185aea04a0a3f40f3abd9deecb68be699ae4e2070305192340f543283960540028a6f078002b2a09d0c21c15de0540c80b7f7774892d5c34aa93c28e517cf8fcd0bc89d45ddb1cc9cfd9cccaf2fae3aff8f3be996dca62698cb88346a503ed274a94eb734283f54c30b6431113abfaae5f218e1933a5ca7394089b51a0a028c04e596bbdf3cb45201082c88661e6d907576f6a0c939c408dcb17cbade6465b91c5807e243490c2fb5b752dca0c424106da18e0be102534b86d0fe711de8eacc534d668bdba2204ba53309716cd24f7b5e754e33d060bc0b38d626d2ef922c65bd953b2ac4d3d94850cd11fa69374cb0c8e5a83221d5368d56e4bbaf5a545de68a77720005bef304844ba7379eeebc7faf2d9aff1e343dfc346d9346558b38f7763e8fd12de78cdd81fa4cce1b2dfb9ffe89ba2250b2000faaac6d86a073eae67dfd82814f44534ad81971e40e003654151a600bea30069342687d62e273837c7274b0c37f2b252b140c789f32eca8ed6b7c08936f19189620fed609e0af665fbe38b0abc8ce3904329d40660731d322534ed8fab56e27ee320b85e6e412fa34097e44d4ffb0ccdca366879dbd75a003ea3fac316c52afac320f03638c1ccbc878f42e2dc4298ae2a17b766ee3b9c4e39340c617041f776aa85658d9ed466aa430e34314657bcbc3110f7eae73d293f9488cd2eed21e1f4e9c2b035a53c2b95715d55cf2b4d71d1c52837bcbc59ade17f386219b2d90c71b042551cb34303c722dec986c5bed1ddc7867eb49ecdf2bd7af23ae45918e020c6c33c96c39889f9387cc332db0550cb73b7133a73e8bbbaf38849cc7f81201999d9725f873243357e9b3caba161970fa3f1c376a197e5a1d2ac0952103d0bd692a683f0c35382cab67da8388a621b9b59242b023ea34abf717a5b0094e9e8173ad7eb6258dd6b1a02e1bdc1ed8772ac4ebdec82516824de9c34567dbb195d755982b9af1edec5824bd38f6d0599bb772a79630249e4bc7b1ba81d5b15810d0c4332b308068e645d9d939fca543c8617862c4decef85ad6d02b27841c4e297498848dba5d12d99bb041406f1627de4dc4f5fef7a41e87e316f893d14df5181293ed40f489b4a06731555a020d4d4dec7c4e1da6cead83bb8af77c1068dd07e856b29f3adadc0934d97cea5e73197ad662c97e3e32a376396889300e54f2e6e253abe7209dfb8c723616aa949276eb2695e544ceb4d73f93e27574b2d8ee5415b567c2629cf54275d04bbaa1c31880ae4f6377364a2a20d82b25120cd44aa63154520fd960a7d52b29f4aa270f4d91d9699d2f52c425b42ac6ba8e17b64edf0a6d2d6931baa89a0ec05e7418d6f6d6b0eb6210cacdde86c9c390b5dc65e97221d8618d9020c3f4ab75fa7b3d9e8f91251351738147c24c089918a234b2037ba6a383f8bbb2d1e29ee04e600c73cd0b06280f1c1b77c2c2ed85ffed81cb78d78a8fd4095283c0ea406c0b16c1a577800ac41f63afd8437993fa722b61161cb4a894d2a6f784150837ec6e3a9085d498daf956314daebd7ff28d664fc9309128b9728dccd892055cdd5f3dd632c33c000334d717b2e638d9a465cc4845b2334df63abb471ff2f513b1c1cf0dd10eb60c208e1d531c4f7c112a1503e9f033412a8d1a732ce36fd2c9c45ff7683fbd39476d6cc595a707fc537463ae81621f114f3b76f0b317d5f8691c148a85382ddfcfd9397964c34b38f2b72980e3a51ca7b44feb53a11cf0060b32319e244e7287a327c42b21a18a657ffbc32baa747c3d0114d29207990f1e73ec36b4f4c10d392e3082825c2dd2452fdc5235a63bbe09a4609e53aa0e09642ae79abee6cddb67205a3216142df0df889c0aede0d829c658443def4ff418ce99436d347ed0b4de8e3d1b69a165efeefbd85313f256eeaf59315f87108e6088492043ddd565f10edefdbf618570e719e873c5f31f2427eb5e93f085dba16786900b09cfde4592f02fba44486215cd86b0aea94def66be16ae52d32d582de858b0fa970f526d19be178d4698a16f86e61c225d9ff5bd32a41bab0953f633a2946e898b0e3323d90a37e510cbcf77ef059c4b81894d5e2681e575310bec01c89dbec2f2d422b6bd9d5603a35289fb3720de2667539b089918b90789c3f482495f8099e06d52b9b20e067aa1f1e4dbcec3494aa6b4dcbb1fec339b6dfbb406c66c53e02ac64e8d3294ca8fd2af1e77ec903dee88409b4cb74d8908cbbfb634f1f58afe96762b7f57baeb6b95a17087b664d7226c1f6930d4308531b114156447d27ddc26b3107623f9a571307ba288512375cf10315fa0ded8995ec1c8c41931d16a547eecb4c49ba7e612a35425b3f4d11a9a8d2530e46247a8b48cfb4ff62ad5be9d0ce3ee654b56e1a7a9147b06eb685b3e50e6c882fe42778a1b13613364d3b36b6033c2c8e932a750822106dc6c7c48c455c353e557170062a067dbc27cf2b76e1a9f6a4c1422a2639294182b7de9b7c3d6ecd465f7d81a6086d035f9ce00f53e1dcf835841e08625cd2f7afc7e9cc3e44861cf61cb01498d7b5509bac427ef5dd52bfd0a8adfc57d14c2bf0f4fc9137d711e7b5b34f6d4a5e373cc0e7de7c26f8cac9f0dd45a755d23ed51409a61e14e2a40ea97ac68cfbdfdad4a8fa63a410de750e0666a026117b40d31e7a967aed001dcfece8fc85a43c4da89bbec7c0b008e06ff3b080f22cb74d5e6b4f8ca7d65326fc4de8ae3fc1401f3484e728e2487cf0bf5e5c2e084c41e3e612fd516be01a10f4acd149488413ec992db9f24889f1c364cb991cd4036fba094485d5d57896e8f57faa437d6a7d66dc26e62fc8742842408e6e586d154bb028da9492da160abfa061862c2758590fac200842ed45ed32949ee241f5560f9283fccefea3342de138cc5fc6d8b8f79c3531d90ed265ef27b95a87bf2e66a493adcf8c0506360d7128a138c60450688f0c4879cfe8c1651a3c528f88afa78087d6f033f4c0e39b317b528269d520f11187faa902b0bc1ab7cfaaca5b2d371afe2790952ef74f7b2b40bf052adaddf037813f8540d57c9a6505a21534a583cf2e342664c1a6a83511943a6889107ee7b3b1ad8aa73c903db6def1c89765f81c5728afea349b080a7283cda26582245d83392a90252f2d4c4b1756eb6ba15b8cce141e40f04f3a8c07bd72b822b2c11ffbfb9d629c7a1c6761343e3a29a5a89fc0c11c74f8d870477c5086b3e9e3b6e4ffaf8a87f07babe449a6f416f446a2e9a0bf1ad68df5d35359bbc38309ba970845a6ba4a09355a37690ec75f8a3be1da0809fcf99d9a17c125660eccf8c6596c2250d49fb87be8e00416eae362ed3e79a912c426154c252f33619ccf102fb71484e673d04248a2bf9467ff708acb32f2e9c14fe47641f44337aeeb5bdef404ed6b9ad4d31324d5a13bfbe96c0182ab291c27763b1777ac8e811ab8f1827f04ba0bef1c04e0e89e73fe01728010dee2bdbcc7bb54a9bb1e344c5f59b7559344d3f10022138f44797d1979ea6ec876fe6530a1b4c10a12304a1b38ff537110dea93469d3e600a0581afcfa6df2ab4e6a0f7d674a290972ce4363af1ded79ebe5c7d444a9445640546107daadb5bc35249acb12addcf3d096bbd9f5773e5f795a8e83ce780c1f17e797b82555e0570c2a51118a2c8f1f82cb422ce9b80addf4b947b72fef2bc111c35901b3d5663a0d120994fde56679ce86a880669c160bbb474d25ca1a06145a3958c4d243dec5673f4a9880b47173767583f760c7c54942c3ce281a9a5db6db301cfc9235ab8a4498989a3b26d9da4a3146cadd34b07152ea3a3664a04524d8ddc7cbd3aa41a12aff8b90fb2210c4c383d0ee5084db5630d0f345b771bd0565d5d503f72ab4e58cae43fb8196510bdec0a5bed87e1548a66735e77027f49687ac9550bd4e34f9f4e00cdd5acd958ca9d669af3762f7032a351dc02bf1f26599b084215577b55272073df0842fdde05e4bc7e4d47d1237e093a7d3f5a2d20c211ce2d230e1e3e0bb0528a3a10e695c59a4ee542bde7893182c254daeecc80a3cea2d776b23e2af85947909d3a3e70432583faa8867be4af1f211b91f84d5e224b3cf4e757c905dada5e70c3fa0a8fce7ae931488554d995d6f85f152cbbea7cdaddf92bec051012a1dcbd8241337f8ce9c55830b5e2e72e3b1bbe96edadf55c22a365db4c1969dafcb944cfb8ab6914a08102867a3bb70593f837203cc645967831737edc10ea68923b9b5949be7fef9a90d83ee5208a8ea7919ddcf55a975e080fca1a7458097f3d0845c5dac3e6c43152db008afd1b3fdafebfbf95eae7d2a1dd46b21b872d6e5e8f2e57b7f9aad83cdfde47a0dcd489746f83e1297be2259dc6440cf4345893645c34988b6ace53c6b381ad28353f4be643a9177870e09b473a0e8c21e89c7fe27a98c98d7f63bd87f4edc95589dcd954d68bdb218fa285893601a573d23f46e8bbd2466fc78a578df8cc5c6b4dc0ab73c28b5854cbfbfe37e67b86a69ad5ac3ae810f1ee2ea417310dac84ac99d46ba72d5fac850d449bc289e095972993b84ed46b8ced553addc6aab9cf9cacc52e4fdf15e67019f10cba3cde26b4669"}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000001300)={@rand_addr, @local}, &(0x7f0000001340)=0xc) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[], 0x34}}, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xb57c}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xdcc56b50}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0xc0) 10:08:03 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 13) [ 1479.574820] syz-executor.1: attempt to access beyond end of device [ 1479.574820] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1479.578307] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1479.645979] loop2: detected capacity change from 0 to 40 10:08:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 9) [ 1479.704839] loop5: detected capacity change from 0 to 40 [ 1479.763229] FAULT_INJECTION: forcing a failure. [ 1479.763229] name failslab, interval 1, probability 0, space 0, times 0 [ 1479.764232] CPU: 0 PID: 8085 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1479.764787] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1479.765340] Call Trace: [ 1479.765525] [ 1479.765690] dump_stack_lvl+0x8f/0xb7 [ 1479.765975] should_fail_ex.cold+0x5/0xa [ 1479.766270] should_failslab+0x9/0x20 [ 1479.766546] __kmem_cache_alloc_node+0x5b/0x400 [ 1479.766873] ? iter_file_splice_write+0x169/0xcb0 [ 1479.767252] ? iter_file_splice_write+0x169/0xcb0 [ 1479.767616] __kmalloc+0x46/0xc0 [ 1479.767867] iter_file_splice_write+0x169/0xcb0 [ 1479.768222] ? generic_file_splice_read+0x1bc/0x4d0 [ 1479.768598] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1479.768982] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1479.769381] ? inode_security+0x105/0x140 [ 1479.769698] ? security_file_permission+0xb5/0xe0 [ 1479.770058] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1479.770443] direct_splice_actor+0x113/0x180 [ 1479.770777] splice_direct_to_actor+0x33a/0x8c0 [ 1479.771135] ? __pfx_direct_splice_actor+0x10/0x10 [ 1479.771505] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1479.771896] ? security_file_permission+0xb5/0xe0 [ 1479.772269] do_splice_direct+0x1bc/0x290 [ 1479.772585] ? __pfx_do_splice_direct+0x10/0x10 [ 1479.772948] ? lock_is_held_type+0xdb/0x130 [ 1479.773274] do_sendfile+0xb1d/0x1280 [ 1479.773577] ? __pfx_do_sendfile+0x10/0x10 [ 1479.773897] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1479.774271] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1479.774685] __x64_sys_sendfile64+0x248/0x2a0 [ 1479.775030] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1479.775395] ? syscall_enter_from_user_mode+0x21/0x50 [ 1479.775766] ? syscall_enter_from_user_mode+0x21/0x50 [ 1479.776151] do_syscall_64+0x3f/0x90 [ 1479.776432] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1479.776803] RIP: 0033:0x7f19d5d86b19 [ 1479.777071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1479.778323] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1479.778842] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1479.779350] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1479.779852] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1479.780358] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1479.780855] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1479.781376] [ 1479.804292] syz-executor.2: attempt to access beyond end of device [ 1479.804292] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1479.805181] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1479.882978] syz-executor.2: attempt to access beyond end of device [ 1479.882978] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1479.886177] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1479.898685] loop1: detected capacity change from 0 to 40 10:08:03 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:03 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 14) [ 1480.062644] syz-executor.1: attempt to access beyond end of device [ 1480.062644] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1480.064471] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:08:04 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1480.101227] loop5: detected capacity change from 0 to 40 10:08:04 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) openat(r0, &(0x7f0000000000)='./file0\x00', 0x400, 0x1ac) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) [ 1480.180510] syz-executor.4: attempt to access beyond end of device [ 1480.180510] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1480.181688] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1480.190541] loop2: detected capacity change from 0 to 40 10:08:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 10) [ 1480.268651] syz-executor.5: attempt to access beyond end of device [ 1480.268651] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1480.270677] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1480.273491] syz-executor.2: attempt to access beyond end of device [ 1480.273491] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1480.274442] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1480.313088] loop1: detected capacity change from 0 to 40 [ 1480.383689] syz-executor.1: attempt to access beyond end of device [ 1480.383689] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1480.384752] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:08:04 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:04 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x309001, 0x8) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 15) 10:08:04 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1480.466278] loop4: detected capacity change from 0 to 40 [ 1480.477476] loop2: detected capacity change from 0 to 40 10:08:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 11) [ 1480.539455] syz-executor.2: attempt to access beyond end of device [ 1480.539455] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1480.541674] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1480.563783] loop6: detected capacity change from 0 to 40 [ 1480.565225] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 10:08:04 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1480.587361] loop1: detected capacity change from 0 to 40 [ 1480.592573] loop5: detected capacity change from 0 to 40 10:08:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) utime(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)={0xbc, 0x6b5}) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 12) [ 1480.702741] loop2: detected capacity change from 0 to 40 [ 1480.786362] loop1: detected capacity change from 0 to 40 10:08:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x30, r5, 0x87d27e71721737b5, 0x0, 0x0, {{0x6b}, {@val={0x8, 0x1, 0x13}, @val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x40000, 0x54}}}}}, 0x30}}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000127bd7000fbdbdf250c00000008000300", @ANYRES32=r7, @ANYBLOB="0c009900060000003600000010006e800400020004000200040001003c005080090004005acb359fee000000080008800400020008000700000000000400050011000100702aa58e10550efad03a4aaf0700000004000600"], 0x74}, 0x1, 0x0, 0x0, 0x2400c004}, 0x4040000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 16) [ 1480.992461] loop2: detected capacity change from 0 to 40 10:08:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 13) [ 1481.163676] loop5: detected capacity change from 0 to 40 [ 1481.199341] loop1: detected capacity change from 0 to 40 [ 1481.312748] FAULT_INJECTION: forcing a failure. [ 1481.312748] name failslab, interval 1, probability 0, space 0, times 0 [ 1481.314214] CPU: 1 PID: 8133 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1481.315196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1481.316151] Call Trace: [ 1481.316466] [ 1481.316749] dump_stack_lvl+0x8f/0xb7 [ 1481.317262] should_fail_ex.cold+0x5/0xa [ 1481.317768] should_failslab+0x9/0x20 [ 1481.318326] __kmem_cache_alloc_node+0x5b/0x400 [ 1481.319175] ? iter_file_splice_write+0x169/0xcb0 [ 1481.320095] ? iter_file_splice_write+0x169/0xcb0 [ 1481.320992] __kmalloc+0x46/0xc0 [ 1481.321595] iter_file_splice_write+0x169/0xcb0 [ 1481.322462] ? generic_file_splice_read+0x1bc/0x4d0 [ 1481.323358] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1481.324228] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1481.325155] ? inode_security+0x105/0x140 [ 1481.325853] ? security_file_permission+0xb5/0xe0 [ 1481.326514] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1481.327251] direct_splice_actor+0x113/0x180 [ 1481.327816] splice_direct_to_actor+0x33a/0x8c0 [ 1481.328421] ? __pfx_direct_splice_actor+0x10/0x10 [ 1481.329046] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1481.329716] ? security_file_permission+0xb5/0xe0 [ 1481.330349] do_splice_direct+0x1bc/0x290 [ 1481.330902] ? __pfx_do_splice_direct+0x10/0x10 [ 1481.331601] ? lock_is_held_type+0xdb/0x130 [ 1481.332182] do_sendfile+0xb1d/0x1280 [ 1481.332709] ? __pfx_do_sendfile+0x10/0x10 [ 1481.333274] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1481.333924] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1481.334639] __x64_sys_sendfile64+0x248/0x2a0 [ 1481.335273] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1481.335919] ? syscall_enter_from_user_mode+0x21/0x50 [ 1481.336608] ? syscall_enter_from_user_mode+0x21/0x50 [ 1481.337298] do_syscall_64+0x3f/0x90 [ 1481.337799] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1481.338507] RIP: 0033:0x7f7c47a26b19 [ 1481.338989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1481.341443] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1481.342398] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1481.343323] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1481.344220] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1481.345112] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1481.345990] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1481.346918] 10:08:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:22 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 14) [ 1498.281369] loop1: detected capacity change from 0 to 40 [ 1498.301320] loop2: detected capacity change from 0 to 40 [ 1498.334798] loop6: detected capacity change from 0 to 40 10:08:22 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:22 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:22 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, 0x0, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:08:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x149842, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x10) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) openat(r2, &(0x7f0000000300)='./file0\x00', 0x20201, 0x84) socketpair(0x3, 0x3, 0x5, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000180), r1) sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x20, r4, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x1) 10:08:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 17) [ 1498.347165] loop5: detected capacity change from 0 to 40 [ 1498.374782] bio_check_eod: 8 callbacks suppressed [ 1498.374794] syz-executor.1: attempt to access beyond end of device [ 1498.374794] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1498.376231] buffer_io_error: 8 callbacks suppressed [ 1498.376241] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1498.384938] loop4: detected capacity change from 0 to 40 [ 1498.432029] syz-executor.5: attempt to access beyond end of device [ 1498.432029] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1498.433134] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1498.444799] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1498.471573] syz-executor.2: attempt to access beyond end of device 10:08:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 15) [ 1498.471573] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1498.473621] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:08:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 18) [ 1498.588315] loop1: detected capacity change from 0 to 40 [ 1498.689315] loop5: detected capacity change from 0 to 40 [ 1498.698599] syz-executor.1: attempt to access beyond end of device [ 1498.698599] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1498.699805] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1498.759045] syz-executor.5: attempt to access beyond end of device [ 1498.759045] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1498.760991] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:08:22 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000010000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) r2 = syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x800054, &(0x7f0000000280)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES16=r0]) chdir(&(0x7f0000000140)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r5, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x100, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x20008000) fadvise64(r3, 0x8, 0x4, 0x2) preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1, 0x401, 0x7) r7 = socket$unix(0x1, 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r7, &(0x7f00000003c0)={0x10000007}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f00000002c0)={0x3, {{0x2, 0x4e20, @loopback}}}, 0x88) fallocate(r2, 0x1, 0x3, 0x5) sendfile(r4, r3, 0x0, 0xfffffdef) 10:08:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 16) 10:08:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 19) 10:08:22 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:22 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, 0x0, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1499.002467] syz-executor.4: attempt to access beyond end of device [ 1499.002467] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1499.004439] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1499.004608] loop1: detected capacity change from 0 to 40 [ 1499.024256] loop5: detected capacity change from 0 to 40 [ 1499.050694] ======================================================= [ 1499.050694] WARNING: The mand mount option has been deprecated and [ 1499.050694] and is ignored by this kernel. Remove the mand [ 1499.050694] option from the mount to silence this warning. [ 1499.050694] ======================================================= 10:08:23 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1499.092392] FAT-fs (loop2): bogus number of reserved sectors [ 1499.093320] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1499.145549] syz-executor.1: attempt to access beyond end of device [ 1499.145549] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1499.146580] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1499.189232] syz-executor.5: attempt to access beyond end of device [ 1499.189232] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1499.190816] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1499.845895] FAT-fs (loop2): bogus number of reserved sectors [ 1499.846679] FAT-fs (loop2): Can't find a valid FAT filesystem 10:08:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0\x00', 0x8000, 0x40) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000380)="37a86c74921328f1e1901881849c89797efb13ffc544fff1796ff12d9be89e013732fdb024058a273b9f1d6eadf0886e295bfad61f167b2b5e9dd4ec214bd3471eff76990be3d2e88ec7bf7d2bf8bd03bc95cc0b31da4ff07f9b035bbb634b21fe1079e13a81d162b12822a3e5c550159be111e45a22197009867b0973d27f20e392c34e676fa62016305d1daff2065e68a785b1bf2e7ec67c8dcec54108e6224343be72ecd01fd8f66c5c59708915732ceaa7a0acdea69370d5984b0807e4e6aff271cbcd1f9586437b40882e54a8e29ee7af92d270f0984e38403927547dae940e3e45b7dfc0be0173fff072a19bcda9c056b0a9ceebdf36b6d5ed482949ed") write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1) r2 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r4 = openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff], 0x4) openat(r4, &(0x7f0000000240)='./file0\x00', 0x80000, 0x100) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000014c0)={{{@in6=@private0, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f00000015c0)=0xe8) mount$cgroup2(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000001c0), 0x82052, &(0x7f0000001600)={[{@memory_localevents}, {@memory_recursiveprot}, {@subsystem='memory'}, {@memory_recursiveprot}, {@memory_recursiveprot}, {@memory_recursiveprot}, {}, {@subsystem='cpuset'}], [{@uid_lt={'uid<', r5}}]}) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:39 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 20) 10:08:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:39 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:39 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, 0x0, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:08:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 17) [ 1515.505804] loop2: detected capacity change from 0 to 40 [ 1515.576773] loop4: detected capacity change from 0 to 40 [ 1515.583459] loop5: detected capacity change from 0 to 40 [ 1515.594130] loop1: detected capacity change from 0 to 40 [ 1515.610602] loop6: detected capacity change from 0 to 40 [ 1515.620439] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1515.651286] syz-executor.5: attempt to access beyond end of device [ 1515.651286] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1515.652293] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1515.679545] syz-executor.1: attempt to access beyond end of device [ 1515.679545] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1515.680439] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1515.684580] syz-executor.6: attempt to access beyond end of device [ 1515.684580] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1515.686344] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 1515.821514] syz-executor.4: attempt to access beyond end of device [ 1515.821514] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1515.823436] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:08:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 18) 10:08:55 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:55 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:08:55 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:55 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:08:55 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:55 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./file1\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000003980)="04000000646f7366d8a02b00080101000440002000f801a6f0348618d866975ee07b4cee95712510a3fe5e38e15216b4f1cc21c8eb385ce2a2eb655a8dd6360f177e50ff50716d70fe4bfd8d1b416d29b2ce79d0d5a3582c10fb280845346948a93ff45ad1170bb9df3dce82f3378913d5f4dbb2e585b012c0d605f32eafa60c059f134de771b2391bcb485542f00ac5be3d383e4b7b1fa977341d12b9c2b518a5e4191e0ccdc53d8e302869e056", 0xae}, {0x0, 0x0, 0x2800}], 0x4010, &(0x7f0000004a80)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="93901cc93cf5a2e0feaa447b0f03fed8d18ebf66f9d1e053dc278075455d4faf1b217f755f2ea6d8c8f7c077b79f503752fdc036d3fe4a6150eb159ac2a3822ad8006a00110fbcfcef75a5a1e71fe9bf705d7f12b2906424abf91ed7f46c6a2a998375c232c41619cfcbe1a9de992b1db98241cfacbb590a81ed6458dcff5fc2e798e6636d5de12a6064411d659c907acb1794feba29b88acd1c57f529fb5416bb4dd4917fe94290299298e1bd98ec7f82c39bb04cf4360b0cc2125b451c4f0f8056d7b578bb8cebefb8ff89e433bd23372f969ee597600a1381c9e1a9ab26f91322726dd2e716b39565dd54a6f24a86d2469ab15b10507ff6aa5c35d5c925cdb4371bfe62b5feec3abb4c99d5b76e92fa1e9847a13cf4c6a44c0e7b395d3aa6454521d28febb2716b5dab1cfebedb4ac21ae7c37550a716caf693a816b8d782340221c6c0fb39e97ebf98052330cdde24af20817b3c6e59d1db97f0742f3de936096963e49a1e2ce428241795f72900f6a5b450112344b21d2a8645f5ff973c979abcc2a00e6c822d24d329a8f29b41d4cbf2087cdd6668a66ad8139d8580233e1a7f03a4da3fe8e7eacb4afc8763fc9c6c0d03104566cf5fefd3a1c7dfdc303df4af6bcf25eba36765329c71b8493ab62103b55c0c2b61843bc0076dcae3b09502fcb5336cdadb4a9baf1d898b4a0ea8a5f5e35e6a364ef4ce8c32d2548659c517fe7a721a11c47ee61dfed0a272e62465e0e9e942ecb5c2280475e2c21c3829e47064f8ddda019fa272658a36594001ecbf78af89a7261296832b297f9448f10deed80e2dc00e1a62cd289b113a9ef07b200490d649d2e87c99e85df1cf606e41785c761e1c6c041557a7f372080f78f5706335c5eefb53649e6974e4a74522751a147eb8fb0ca9dda23de54636ea3a58d190c1eb70bd6e43bf95cd2b1d74423ecb031839da55de4b0bbf338645f080be2d319309ffebe205c1c0b666b1fd7f112f3fc7275f359b4199b23af3fd96b27fc35b2629306c91ccbe0f9cd17b31d39d8470123d378cc6c65925a4fe45afc82a00b7dfebf6a7f8a290d818dea2055b7d3775cda0fb5fe18daf49cbbed3081c60c84b6ea8261e869142621b20b1f33cfb1a59a5752ddb6dc2b1e8a9a0e65368bf8255fc58e8ed8268841c11b02f6d63745a915fc53d3d8cf0ea291d7306668f8cbe4ae85facb6b87797a2f1c0deefd60b7a83ba8fc3848d34156e9fcc84c97f07881a986be5c1b8139190042d194d5599c8ff4fe8365a58ff819c284f2e6a5f09398f6525cec5023d86b9f6bdc86bed5c1e918cfad5ee7c0649e2c69a09412362c047408692ac31763b80ee71707bfaea2212ccb235e314061d56b8e067a8a3346141620bd97c6021868eb2d22f95316f42646a93ac5d9064f5660137124ffcc5a5014e79a6ddf69ed9f6ab252184c9472da4911fd4dd92c4ec8c607cdb3e71688048ba33705a4eb52e7629a8ee11fdcccb9870594c8d84b92eb31a645a681440b07666d1d7b2172eca1fb38c507c566575b6c1d634328832860ea85bbfd7125957b9fb9514320c1822bd7ea3cdcb7e8d063165fa242a9dd676684464a70254b7f564c5a64485ac92a9f831bc04adadef6b81f8726d84642b791bc65e6e1b3914127789f60f49f0dc2bab1cbc9720774ee248bc2534e827cf6521ca315bb9e60e60af67d5ccbd6b16eea6d495fb78839cbe36655df297c1881d2ef3f681e8716b4d57d7bbad8948b270913b5f258a1ebe49e0f95e18825a025f6cd4e8bc6aed0200034fda511aa04ffac2921eab558ec8c9bd3a29ce8428025d0d7cf016a242f679c1ad910ab6e35384a3f3117a5b50a1a8486f1a680b9ce7676969263ea191c128f2c2a1c6dd5942c9ca8496962d0699b0c3b49d5e9e7870546e1df83c19a6561c54a2b87e2dd5190b9fec4a611b554ace255af6f5f5bfbb61ee7b52acea2c46d975d98b19abbcdf389188f657e3fd6f119bdaf382b1485e7a529918106c6d304567d9e060f0ede8488accf6cbd28f94a5723dc7349b39db05491e222326ad3698cba869dbed60bf7256e2a82032c561911b3e2a5a5af181848e72595f7b7f0cb657a24a1eabaa5318215c0c43d681396b9c3f0e150689c94f98e069c98593574eae06c7231ac0e0bb55299d53a9c60b938cfe25c9ce21e932c15d9c60ceb74e0f0a44cdd500fa63824c7fed6c118c64084674e3751ebd00aa3d835bb91d8fb2e20a534896c82d2276193b99bb6f11d32593866efe56414fa9cb0197e592f3ab9aff3c5b7a553c5266ff943f7c0560d4faae74779610f1c1a56b1cc889d384d5928958cb5143aaee328a976a64a9b6f8de4acf25189d64ea9253f6e35f6c23aee6776cb2a59ae0127e2ddfea9466d2e2e7073e0e13e92273f7f0e68ccdde2be74da10851f940b35c9884edeceea1b4b467fdc5cc9478c3d627b6bb89ab74e9bac557c182b007ec9b7ab64b77060d6aeb8daec90fcf82d6236fdf80cb277deb94b0f4934e5706e2b4746b55788a40d376a00bd43ab04bea2501868785563ab827bbfb62cbe235e40f9007575915e46a76857567366497891892754200d5dd7cd9bce001216cbdd12e91e59ca9e5d7dbd992db686bcbf1cb8c8f4b02f704a87111d6756ed7899fa63c123ce9adec745bbd69d4280be0a3579a5fe3f0aae1bffbda95a83f7e2e79647665997c9623d9742c1d01a3c1d7ed2b12579cb1d50bf56bdfeaa0eb950272e02eb417e98c106505d4729a15cb501e0a34819c261b033bbcee3789bfbd3be8022d13e43b47a72328fa0ca898fd47b8fc154a13d699d61ae88d294189de775057fc67afac136ca9e3fa56a04a4434f86667ee13cf5be4743eaf53668f2affbc6b1eae3bd54b9db7119106edbbc7ea90e1e8fd938e789f37776c414874af27100a5d7ce32ea7b71b9c4942f926bc25d4b6699e0260b6d495f021cd28c086e10eeaa23aef8286d75716e776fcef1728f58720c7724f652e782f298798a38c868bd187e2b8e856a1cbb4059dd49a37a5aa89d8fd70d84a7ca4c36ac8ada1fd0cda06dae6ded05cbb6e2404200a8bb59deb7a0fb3e9f436b4b38b5637714a39890410a12b92366d451cc89172700feaec44c289f9b6aecf1f0411a0d4aef690208c70713415dba221630fb79cac0155ce2caaa8992facc41a2bf9ba836573ea41f2a62fa0e17d3a438c12c7d8f966a27cdc3aea4f5e920c7f9057ca72c352f0de150ae495cefd64c2b65725b79175a3132230620f94c7a32ac99f5f330e3fb5079dec796cea7f7c1a54ebde6a07150828eae73213386cda1ca0d662a1047cd6c31270301fe97967c43f807dd097388f09b8325981babaaa03c2ebc7dc094a461d0aa9fc8b1cebd9a601eecf355bd253d871b1d30d693d3f9059f27000ff9f7d6c89ba19e054c9ee2ee71a49e02fe4059595f3995029dea63a3847e0e4212cf8736e190cf54f92d90e908c1d329fdd152b55909fec2e8a3a16b72d9f06e04899899281d4c5e3639b437ac27a74fcbad6337827cf5525bfbd611d3ea560dc2a2fcf32a3104216c6cf9d8e5716bc26264ad86c04fdcb51b7892fae6cfc68c38e69145c0aef0139eaa3718565c965888ea20ee9498c81bbea009f7ea48faf764fb08c165043464adb6ec652c3ac08cb0c866d04b2378d4283559602e2151ff3e68c5880e64ee2c04bd983009b2d02ec49b1cf2a795f44ef445ddb02efd4e45fc1384b75d7e095570658621554f1b598d034d7fef3a79019958a101d6e3018a90bf964e3ce2eb73c10f45b2ca3356927bcc55223f3581c400b9e831f08e871a0b6c6147f372d89d3afb6fd5020bddcd33954edfa8ee17e44b5c0523dba14b5d52c63a1fcdd7358d5842c05cbbdcb74a118ee43136b7e449e2ee03f07e58a2816fac6b13a520dae26827b2b85215eafeb91c81a494256f9364c7a8228e58e880660b04fe80e309001befda5f840df6d77ad7aaed6e604a5b00809a8822539785b18af2f7e5b7ea15c5e0b64af36413bb0cc1ddd36bee973f30ef69abf0d46117bb64d78143352190b7dc7e2a8c9ba0e86956269936a36ac75ccca6adaca0df055dc28c6da0e0e2d415307143228a6665902d55a7cd7e6755cfb302101758700f44dd8d2c4785f911096b0defcfbd8372db233e44b15e26624162d95328f443ae6fd80d7c254134195a7cfdd049cd980a92fbf7f47d9b9e7437db278e918fcc7271a565f97f71afe691d5bc2410def70872904d552d0eadc95151486f83bbdcb131f8578fe2d4bd30e8c5cc75a50c5ba0d1c8f5ba4d4a3368dccbcb373660680dbe30436345537a68b105a0a0e46182e651b8b05df88fb5e1a3cd4b5d39746c0b610370d2fababe7094b4c836bfd9a3532314c27574eb1a3611ac028a254961d65e09c50804600ff39c2ac85f1d6c96d38c68eb97d12ffa4d194ac764fa5317d9defaabf74826c6f97183e50cfa42f957ff8eb1210668fca1742f385b8c1d81db5098eebabc01e3151cbc283e5ae7d530c7bbbdc85fc06a215662cb2c1121bcc1dba0bb3cb9af7a3b1fd9a2d315f91308497cdaa5021980286f383d2cdd8803842e27b3556286e10ee9ce0c8cddbcd95975cf255523f873493f42e79307125987b818ee7a3818727ed8a7041292ea5e587d972a86b56498cdfad0f7bd042c16570d4300f92d15d76e643ca0dd33142dab930d1ffc516d47b5c4b6298c422fbee5ac9bc88e253e0d0e247429f729f0be8d8a4544a79aef04a15e98a5469f526b02ff8e2867a64fdd725dc45464a010482af2efbe592d740374cb444d56a805fcfcde81576c7ada20063cf3aa5b62e13a92a189e81a578281c78a0c1c075081c8aae2e276a6d8e07ec2822a7a2bcfafd88ead2e7c5a995341240476682902bc0f90959f3d010d7161120dd49d57c7b20a16180239e1e01476c6f7c6875f73e4fe60dac5ea7b85f4fda568d07b5fa733fda3b173df80c3d9dcb0b1ebee23d54dbc1e36f2eb7ceb2d098ca44d32a7509a8524aaf65d9fd86e7ac3e1a20a2d16e688be208b035fc7e98df34ae8b1418a9c26b95305378e84bb9a1f498bcb325d0f869f5108f69f6df143e99b80da3a5b39383175f9f0f58cd2f75e6f7cd3bdb306a1f085d1c5277c582fed672b1e4a42eaf34ccbf53875b1d9b8aa4e18fb9ac5082e066b3642f3bc97ecb47a7bf531b83aec5eb58eef5ffc20bbd3d38840e3cfdeec9ba6125cd2c515f3168c5242cbe103e4fbcfa557eb91e316906e84b4af6531762698622670caa956ed4eccc57595998f8bf971370e30f7ce7a6cd53987baef8bd910b3f98218a71de85aecc371927d4cfdef9be6e0e482a661d4913c077d291f4e4ca02e8b82b6eee97cea2a390bba7e83c9e4cb3b3d455e6fef7f7943c90d5c60c55623174f42999aad8475102629fec23b0b2015795811fd2b78158ed99e2054e1165a9a0565ca73dd460898ef2658fc5e765e2a87e14a832c7313e15ca4c0e04a5474390e0f51c005739f7698015f2f87a0687a9c05161ace6ee812766942008fdcee658b89481ce6eee63eaef2b3b1038b229460f45da17a93f83761771098ea8e0d148df93ee047fd7f6ad48e6c76e0eac9f7c1c9b741bf3198d22e4c06e479f81d0e3b6f656454c2f954bfbd5c690646cb53f4ce1e12219c137d8b82966e0d40eda1e8510dfb6e1720ac78f5723d62f8ce51049a7ea7f476f423f36b283fd06632bfc16355289c4ebd0ba745b7bc7cb90ac7dec3daf36fd5032cf50b4b142306f5c8bc9e675c347cd730f", @ANYRESDEC=0x0, @ANYRESOCT=0x0, @ANYRES32, @ANYRESHEX]) chdir(&(0x7f0000000140)='./file0\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000003800)=0x3, 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r5, &(0x7f0000003580)=[{&(0x7f0000001280)="06f1a747bd1c97be6a7f44c9788c333620fa0a65d20bf8faa9af030641a0861037fb062aead22a515b75b6321259891a8b211433e258204ca0a1a9095a4dde93254de437099a88692db8399f77557ae6d2bab3261867ee258a602365fe1b72e7ccd8bebcd1198c2d9b26dcee7f419a38d505dbe6cddb3b7af593a77fbd182988e16dddba877d15bfcfc90d9d2a434d173aefae07b6591185fcfdb936707b10b0a4742d527d856e7d53851d4a2d7f3b3bd50ee223d2d7c402ea339d57125a129b0355a98c6849734855a1526b07b18d4217e04922081bc44285c8150ca49ae747e2496766652028a657f066b4", 0xec}, {&(0x7f0000001380)="20c19be54e5d2058e81f73c29e562db936689f47598552f0e74ba75209e96015d6e39b2e371c8329ed209bf339f211360c7e72fc6d05be2fa8adaa07988761733d918fe89f0cef203bb705160d8eba975d7b14af0698721e07b2824a281d0280a5c56362af84189f2eb0704919949456d11fc924333b0a60692b120ae4b75fc858d54eff2450f22189fb827f95", 0x8d}, {&(0x7f00000000c0)="082738f0ca1109ec732d1fd9b6c4982f", 0x10}, {&(0x7f0000001440)="e3f42b900cbd9fa012ed311848cdef319cf7ed7dc720319b79d6d2e59603ca32961212ebcd0dff2369d34084c4886a6b59ddf89968286e9f72ea39f47d2b5d3b2d61b6ce2a485630bfd87be7686eb421a7d8792cf1f3cf6ad85eb38e1a2eb624899d18e81e2f0a83ec7ce9de97510b915559aad9e82378ccf1aedc0563b6869b6e980d36942156a8331cef5e245da357ab8b6a53ca59e2a2ceaf9b8b274859bd024eb6b258b100180cad085e0e4daa0d5b14132a0bab4529ec542ff78092151af219bae17113a6e616c43ffcee87976cab20cc1cd60aadf53ac1a5c8cb76cb292ef63f340509192f184b843d70ff53db79e9f67a437cfeb2b491ef0b1b9b293b6cd32331558c15d7293404a22b5520ac9ded8fb4fa3a76d9408942abfe1a88a258b45edca35281550078f244cc63db88ee672b9f196934dc12e815dbbc9a8e465227b934135ebc151e2f02627c5f993bf6b4dfcb8df91264cdea1bc9ffa25d63295e318bb1edf188a148d9c43ebfa2e4770723876671b527ce1afb25196c60eeb428316fdbd25615230409eea1670b2f27d6e1817fe9c2a8143bce7da13b3eec79b3a72e954f21f7ae724a82d30991c124676fdf59afa166cd97ba967ed0e88f5bb9356b132b1f07c84381e92de9315c73786babc8bdbaf9ef002554d2d222c6a3c7a4f50af7a6a12e2cd3dbd449e9c89734b56edcb3b420c79fadf87a018f3c7b86d917b6fa8215c0434b866997afd94205454239070e60ff46368548f1b8835b22062ee2ababbff2d41e987d1ee3acd694bfbf46cf648b3ab7d7ba9da1b1dbad3f5a4c2815ecb37195ea25e3e4d37e106330a5a8417d96cce3c8323544c47c2f2145ec892d9a2451ff026497efd4fa5a17dcf8ace3886b5f742e70c708f138f68af3f19565951efb0f9ec0ad83d8bacbadc19a974a71c9005cf9861affa23991dea40bc9d6198281902236eb555de6c5f2e0982264baf956620165b1892e1b5e3c508d0e63338de3b67552e88a613ee906931d8f8cf711b6a448e59fb485a0f581afffcd1e66ed16df5f49b27629cd510e1a6e4eec997451cab8fa232e07eb164de60d1fddcbc0ced0febc45240eeb508eb0e5c2fb246f69ef3acc197eb1a2f3fce6b755e0ed25253e43250de05d64a3273fdc3890a0e581979cea0f494812a315c8c4c85ffe7dd7bff447b9f17d2ac4a4ba9ec927c7a04561a105c10d1f3f5134958531be18a6cad186f48756f0626abed63f26ff06daae94aa017e20922caeb9f37f4b2d3989e351b8fad3a391e0a022290c5ac941a80711ea5b5a3cc92ae184e2d5f8545f90f802bf76e6b33a98ed71a93205db3ae76c9c5922d949b98644f67e918613ed5b4230263f24536ea62282c4b6ffc38b01a8dfdb8ebf487816661a756eefe6a21b16c092e94dabe4ad76d7032ee990c77a29e45c0085f063a281f93cb0be6fe447e79b4c8b03b5ef2b53862d3fbdc143995789677c8c2eb46aa486f9c410e203ecb2ebd868b64adb251b5ea8af7510d9dd264b9315f82fa6012b481c49d4df31cf1254737134f811df465884a4777c80c61d84b76e49482df8b09dbb70994c3c87e490e70a9d71e761459776ce8d3f1f18ed0156cfe540d94c8570edb9ead1bef8aecc2d271f62cc68c06e793a4eafb87341ba0c569c857e3e1ffb6f5221467db33df137ce3f2dbada8d12298a1676ea2b74c135f4baab3069ba325d325f9fff8ce66f00f112ad44149e20ef2a750f7e4dcf71a1ee48158c64301573591b95e28710479f8912970244c427b50db961afa2770f47ade9efe4768b1be3cd050212480b4b1a4856e3d6289561915e1578693aaae800fd1532d04d68a3143ca3f04e274fcddb4f07ee6d9d7137a4895007f3b991fbd1781c3bebd1a7ca5e75cedbfef0bc8595458c21fdf80f46b66b356e538299cb4f969f3be4282d2d66a381433c4e971b40fd9358337e8661827e6cbdbca6771f5d00894f13da5e2b4ecbae7b654557302764af42a47d73c44d26498bb73f904bb63c706774707e893341994d2d8f323502c54819b043e3da99397ae9e7c214def7f8db5f6d0c0e23985b492f1db5fcfab5bd4bab0d9a28917283326679ae2091717f11a4daf3cd92a03a58ae98619f886b7491daf52d875a22ce225d3de998faa3fac5dcc1e4c9a7fdad6118f2a8a437852d602388d2e7344ee8a83fea7fe5646ef3910f6a1b1f14f3177203d4ac6bd028245183d8f2d02c5913002ff1f7062b5c9a978005d3b8e6a6946ff223097924e51e2401e861a8aaf94705955627d418861a36f0c47ff14bf775db1ab63b1ee656524c8e6737ae5a6d2364c5dc94d7fe98cd2b47c3d8058026936070aa6e925088134b65742f3906dbc3db88588c90ea461f935543d0c5900d21057b5ac99403bcea358247bbc9022eabbe1a134a14eaa44c0e761160e19e4b3286b671cc53fce99469c3c0b2a385f1259b69480bb753c99afd24f8930a154a5c55f05f287a4db991e1de0d9b6146ccefea1121d91cabdf07fa10191528f7ad4415a0117adad0c8e22880b74ff6f33213244c446669da2c40d8908d43044467ad88a8cbd1efe65680a1d524083b0f3f6926f150a41d0cbe703adee80908448575a9e2b7013ea6b46f319ac4c9fb6df35ff51e949a19c1d1ce0e0977737d8c77fe4a18de6173ee60ddfe0d1959e182aa0ced445460231ee36c851cdbcfdbc2961113b3ed2c62b24d9fbb99e53410a909769b54293c6a64c9a54f36371cf9977ba99fd97815122530d341914d53177cfb438f59fdf494e39a5b2619aa74e82fa6b0effb68ab6554e738a442f597c2631cb7f0425de9ecb0fc73e37d9d1edef251a0a100ae9f3bdeb778dca2a26b57583b93e80c30ef73318a29f8564e8b249488663c17a1540f1f712821aa53fcefc130272efd622659d1c8a442958cc6728f4e7b43410241601e9777ece62bb5d476c89a140157ec62606567257bc9f19adb4a9717bf52ef2d8981504b2f0b70632a12a8d3e6cc50fce1a17a4bf37f8e70f81b5478e8c639d29eee32f197db5ea8cb75203e3497c3c6e1e2f2ed6828386dd59a1c0fc2f1c0304b4335f05d0facfc35d6964005abf357be4de51fc06d9d1ab63d7869be5ea3604f82eda63898e0c7f3de813ef6014d2e984067c305103e9f0ef1d65d45941bdaeb36e7e98d5159ce56520b75cb8f3fa9fe221380671afa18e8f77d279ab1f03974c448d858acd625b9b52c29fa8c3e8982fd4bcd207368fc657a400e43d6c4f32f1cbfac4012178d523f46805062b53eb46b7f9e320b349a3af4b6de9fcab522426632670248304b64b4eae48b4cb9952ab8949ce47936ca1ed31d8a7329d23a1cf1474532162a3866ca34a839996f9b0d917b6164453367116e2849e461a620c4c4c9fa03437682a20c3fa1bc4e2f13fedec6c27edae0a21079fdc90a0687aa1c6283c811716448ac3ec10e60660eccefbc7d13d86617f082ab7f79f806e99a0c2d7e80e48a690b0e163397fd597764311e91f71dab156c3ff229991d57743c8f763e74dc5ef2c1491adf1bb2a5b73abe58bb03c55d2d1c656766be63f8f1f2f79dddac659c2aa4225f92d151d61b540319147e0f74a66ea1625506a20f9e64ba553fdd1b738ae4f8a9099a0c376aa88e8b43d956b4fb4733022e41e8fbc80a26ec10c293cace98b7f2e4f83b89b6661eb54ab0052127229c0556eb922a88974ca395373e50d18e06b1bb2abb629d03c445ea9e94be3bbec1cd074c498da98e0c35b226b56134f597389c26ab0bba78e869065f87c9b505d01e5080a3feaf4eaa75cbacee34ae576aaa8dfe21f769e7108488fe91030b4092445581604f94984d4007ad1e48ca42022a7e66454803cb3b8679720073fb6226638f1c5d372b1653630f28d37b54e1e15f305e31e11e551e8163a79d15ccc75c662aa20c72d6027df4481813715a62f3fca86b69564fb03fddbd9d1903b6e1e29bc8502ff5376ad7f1bf4c17ef3b9a4c22a14b07ef3d37a4221844ee591299d6cf074f2e281256de7574d12bb082519a3e78fad128a5c62c396c77dc8ee2b68f341a7fa92bc32a2a678ea35ddc47e0d8c92f5077d1b40a959871b6aba64c360847c0fe008056cd2084f22ab0ab4b8dfe084d57aeffcc5dfa8cd3e431e9fb6fe94e163cf0612dfcdf1bd009a8b7141ababb03dbcd5c93da063f11af2624ffcd2a88350028f33185d958c9ba15bc3c720bc7ed8e1ad0eaa129c9a26cf252afdbb02b7363c7ec68c78f04807cb576f59e6e66044b6b8d4b29f519268e03b31e645adf293b64b88b3ab8a24a7518025e79051d748a091b3fc6bffa07207f2b61dc0d7375a07253f15bddbe5ea128820ec5f81632c6aaa75a688868e8dcf82d5c7b8c76bcbfa37c2cccaee397f5a3e01b5cb3b6eab9f5e562d1ae99783a2e58cde8b900fddbf2c31b9c6309e5d2130732051622056c55c580c6433fe59e17044ae8432dd0d15f16366f5fd4768c2a358b45e012e1cc366b28e458635e49deacf37f902c4936527609f24a0a4e66afff82b361cd4752c5a6c74cb229cbd62bcfd9b01f10a6960655f4e07d9c7750fff7b2067ee6b2f063c5f6f6cbc4f65d79507afd3f1313361cc35ff7d6dcef57cd264847134d511f6e82655131966408466b7bc6bcbfe7a84a1bdbf69fc0c614c3b10a890ee7dd4a32cda09bbe40a0dc782443f0bd5a9fd5d99db38d06c6a82669496d64078cd9bae9751e2ce257305e1423e43528873290fed5bdadcc9891bb584c0e3edabdd4eda0c1d24a4e118a340b6fa777c3dd58f72ccce8e0c5f6b28cab88bac0e4616c673242735a7a20a7ffd5cae914a0de7235618c2f57b7038bfd8e539e970be578d8c19d4eda91781964e63dce6114e7620ff449c10759cd3489f961fd8dbe09271b5ff73d362bb6822bf592b612e77b4cf17e89d1f2b340cc28b273b0b17a4f611e68ba608a78ee5222f64c2dbb4d3ee5b271b992177abdeea709c4de79058d6ac236e8215983aac02040c99531962a8a41809c7e446c029f0cbf5a863681c09ab404ddf5e235b16fec38c27e341144e8063e63537af488fbb698b4964eb7abe9b9a5c43fdd56a8339a7819251e907bf0a1a6513dae3162d3e6d40ac1539b2dd39d1d49ffb2c7f227946f76b0681d04f938a62cfb8aec9886a23769e9ac94376861126b92a7dbcd1732b70d65c8345902dfba249e5119d8c2d082e38fe22ad2a51ddcbcf5b8bfa0e0832aeace2b0dc7a41b54ed69fcbe286ebc4401998217fea057f5571a70a1d10763e1c74ab68dbbe51ade7a94a040118896332797cc34ece7a2b6fe4f153199dee42cfc5bf3df4a20c0359e2abf5fee7a7c5881910dcd2f0b1b1d9a9deb7ad906cd53fc446ea64fc3bd3940db6b64d1117020c37cf7ffdd7c50e848e8316e38d8cbdb980ba5472756a00af9bd727fad026fe3ebc8fd1bc3344bcc34591e3eeae6740613b2d661cbe1057d05bb15b9460000c1c161396ce19a5f240ba36e44966a195250d07e1282d51eb9f93f9f728d06ea457900bf50fb4f2b0647c8bacb8d74ffc67a5aa707340d41fec6f9996e83f3807c25726c550e14eb55d95080a84a36d7f36618b86a5d62a3f29a69c151515c38cf3828a9e9e1b545dd2638b80e485d7a2ceb785c606ff5cd23de37e066535eb3ec9c872e18fa22175c52d50ec1e8105d611c3c37aba722492fe6550718bc966d38cb9367d95722e25e8379bb38795360b927e3a5f52f3fff64dfa1f6b8ae62002f518a0277cd6b22b576760722e6fc0602d6d5", 0x1000}, {&(0x7f0000000180)="cffad9ba3b9b713b618b3e8b4a85f5a845be5b6a843661d2cff8bb11a6163c0076a6045f4cd4dc2c92f039e48cb863cc8e18ee9f5e3fbf7a6741c957f3f763f6231bfba2501071e4a22a74d8", 0x4c}, {&(0x7f0000002440)="ad36dafbaedc7551e1793facc4ae110338018d8f5ac1bc43c6440db45dc91152f0edb3063da45042a11d6c9aa14302e746afbb3d928782e37c300be1b5bab4", 0x3f}, {&(0x7f0000002480)="80edf24c30b478e5cbaf80a146aee21a5c71d8b1255095eb94e315980d94c8d10839b68512ad7d8615c15165bb881bd9dd3bfba3eee784b89241f1ff670a51c4fe06259f15a8f840c05707f7a02f7d7376d0c88037e3a735976153a9fba4958734567f4f43c8c01244c7790818bd5de74a9d4a17b618ab7d2f2d99a30a505aef85f929cf6c3450208e879a7f29d015697a5c862ae424db4f287a4d1f7445471b9441a14ac6ade3fae6ed7d5332072789c858c90ac310d0ea8704454ef3d5e0460c63e4d3be4849af7ec3807ece78954e41d3b8215b2353515c2b75c2c9d53884cec2e979ffa72a3b4b2066332bdd34f66bb8c2535d9642a1de2dfbdbb0e481a6d3c6e001cc184e96825cb234cd36ba5cb4792c91bfbeba632b45af40f241fe0e20a339937cb3c594b20f3dbda041a10ad0cf324ff495a1fe023b34bdbbc99c062eb78c7b4c381d5cabf95aa96ac46cf4b7996fe7f06605310ff980b1e082e4c2509d09808f7f41216183dab00a6b9963ab128e60b5962674fee04fa82112e074449c7258d99e2909de4c69d14eb172a41f6b4e30e829cbbd58591b015881f2f8c7fdd541635d773c094f5ef214a484478073e297037510e32a38777fcbff73493f3fcfd02daa0dd6ec5edaa9c13fa4db1fc69e8045faa9d4ed0a0d067376bd54aaab58ee822df34c0c6dd28bfeca4cdf882d0fbd552c391a7430ac1e97f86b4ce40b170113d7fd836b3520f33fa6089da27617f072b0bb780a5be303737a6d95576255a2e2a137fa10eff4c1432b438c9e7b64f5d743f8d2490fd94f10902f54110e73829295b20d99a47f36a401795744c13f0f5fc869293e61b40e8fa9c0ede1a9e5a09b694bd0e1909bc660c39c4034294e2fd1246bd605771ce744d33ca29c6198a00e331d3c354f460b303cecbeb03f4060405d57bc4acf4cd0db9f7671aa450a64d9e1698c156051bc30d6f569c88f7e0d250a920f9e5cf95996aa2bb99e00c2255fc48754aba3408f3d28e7bde7895685e9d8273c048601e4f91c2f29d448960bb4961a375c878a37d689df37b130d53c135e7c1bc7598c46d046e6e0202a78d56b38262008f283df26be8234a5ae16da12e3c28587b18313c81fec1501864ad639bc5f393c8bd9b17b09c8ae681084b1c535f2932585b1be977caf114f87f4639c017f43f3af43042c44879b0cd361d019d437913b947f2f1b26a74d1e24c30b27ae5eeb85f09681444a0574660e3aa55e56cc771691d08d075fd2bde36dbdcae297b91de54335bc28e5de0c71cfb18d35af321f77690c01d5cd431b753dbb8c995eb902b6a479b69548942d0a1a2cfbcade1278859512323e15994506d2100d8d662cf492780c03c4300dd6cc2c6078bc86388535fa4c62a21d9d2b5a59e22f2413e106896d574f956cc14f9523797e34805373917889e2b8c881a735867138998b9a856a254ca1eb558d665303c17c4b7b1c50587f724fdf9a08c173747f43851fbaafe3625a45536dfb0cdba00690d0e2914d4449914c28395d7259c1ff06deb881fe01f810b088e35b373f5e454a8fd61cf373a0cedafd98916ca623d574a81758a2c65c88bed524c34ac4351536bbe326694769f30afbb2df5dd7bcb11d469650dc660a5213b84bec70384862940eda6a022dbf93454c583aef1ae5524322e8bdcbc3f6a0b1034e2487ddb54c1a550287f8646ab3085f553576d6f0bbc76416aff408205c72f5da56cd6f5401e232f83d316cae6051d701d3aa3864cc6facd9c26ed47b057c9f8edc4e6a9bba228d7bcf2cd5d53e32ef0bdd6b94a087525f9e0c69d4e234bab9ad314a37b49497432c9a39e2637fe34b160e2c6716292140d2cfc7f4990eaf77c657ef4bcafa691cac5bbe35e44654618397d05472abbb26ea1aeed5ce8067d608710ea22ffd12645bd348588e3ee1f66ec37b61b734b082b6f724e6f67ff5987fcc361bbcfee7586b9ce0544a6f51ddc239c5d00e0b4ef21b1d63f5201a6f13c460486e5b6d7653382a766118c8e990675c3bf82cabff968d1d5db270c4bf8ad4f347c37cb66b185a79f8604226bcd7ab9c42aca0c074c8b4ed0de8fbebf85265ca9c8511951a1d308dc585d9ae64d2c8973a3a2d1fe479ec162275a16b8937b50d4579eaf2021edff939d8e17ddb49e2a9528b26275380477e86d14e8cd37b8339e886c09b5231721792ffe61472cf52f3371c48c221fe6f202db1ee67431458edda59c88fe6a7795805c240fcb0cd14f2b2492dfa1f7cfdb2e52c8c34dcc123d22cf4cef0e03b7a5eac665eb1393057b0a7951468979effe03e6ea52f293684d5177e23337f2c9f064fa358455f8fa1403fab9a008306131a7f42af90c3bed9cf1565d79fdc31846861ac866d43a87136ba096d624c2fd4372b6e72c950cceb9f9b9a3d763bd6b28191fe814ac1581b40996b99f15f8270fc3f54e800fce09bf56078c1d67b57ef1d3576dc05e7aa32c3a159362edbb06e0cf4cfd7ec66afbe39cf829dc12dbee3ef43e208e6b7e171a4282acc2e14eadbaabc307992802a6e6a8707d7407d55083fe3f08456ec28b0fa0fd84187ff69e06620b35b590a4d2620628c1d2af41a3ba18ddc11403f44e703263f25373cbf69e82d81c8bd9b3fa9625d4d0350879b4c2988bb6bbf24e79e8f66cd7c214f7e48e3328f9a186ae662a1e75b2aacabc33938c3a2ed887a4045b13c2ea8447452fc67fbe9b207bd26e7908b09a5041c3062d24f648803f24655a924871192c5c74b723d2f2dee434b1980d9ea0780c7a7031d90baad54c0bf90670152ceedf9f1cdd667877d76e34024525b5669804aca1f50518ac439debe1a61c56f840fc99674521255914b19ab0b7a31fdc6ad8214dae46e0d98c17cce0cfa31fc2d9d58bbdc41a1b3a6c8708cd5b868a5e037476e63d40aff56356a2cc6b11727c74c0931431628dedc7ca951f24d7f216e5ca52ff6a6ebf961c02bd3e4605a8fab01a3e1305e172e479b77f4522c7c103128551bb9a3c00efea3077ee9fcee837556d1cf1ad2fad6473e3aa82187152668ce52c295dae218a40de8bdd99abe2f1d4baa1be466eab20a319cd32e1f0a05bd8eeceeaa012a3ce563d5d11899d9b904c58119e348ffdc9964c41518829df277f1ce3f25f8d89ce1661e9bfbc015ee529e1ec688418c35e9d78b4494a7e624864e1999f81d7abfcddd05848164fdf656ed875ee49e92001a87f7b88d2fc69d0e61404dffd5ff99c3d4f48ae2c6839e5f13dd564b0653e1d6e98e686da7946e7268730a3d6d3f22fe67208ccc6f2401973fbab76ba329f300531606212729d9fd43a3f94f788c04e4c327db1594a6b550490c133cea76c3e5c76fea0cb4e2f851d9c087d073401f15ff7ce8997b57483f461231c676d439a17fcd76e97003c6c4f2acd90ffdc37f2d3467eba2306057ae67373328b58d3d72af5a0edd3c26dc5a1265e5bd7143fcf2497584d6555e303cfa4e56d6d782f2fa81a27e3475e7dd098b60cd436b036a9bbd4c63a47f4f1913c76f1722578773b54b4d803ce31c3f9afe6257ff4be479bd6417d0f6d1d58e69fba01600f3062cc78a03ed150c6ea3fa721dea3034031b030cce4d61b1b6d72fd4288cc03c052d8707200d0abcb08b1f26bae074dbc0003596a81ecf6efa635c6b5a40e1a4f5bd99e2a745df27c58d82e109d908bd2eed2cdf123067e797aee8c7da174c61ce1e50fd6f325646916d63d25de6f8abf80e8462967ce43db01095a9959dc87127e6e7868b51a10120378086b57606d1752b6f0cab94270097ca12ce23eff037dc9ffcd7865a382152ceb353972ed914aeeefe9d823f6f37ccd2defdf39643d4a08b97693dc8b153659058921607f996e6819601ff8b7a23f95c33da5b7aa03e424ba8d6656debb9a6b8e8668a05f105702c809e08261afb133a8b441946beeafdeeaa5a3846f000d7931c55e94a172a30ec909c5c1b86eec672687b8c00322f109c7fc821e6d0ffa42ec9fe134d8598d9e693a6a21cce20aa02293ded43220010aad8c1db3dc6b69381b17504525d5b64c29a9e6729a9dc1e1c7a093fee779bbd48752497a05f2e84a60f2914d9ed4bfb91f3448752f8d9e5f1804029a9ec4b8ccef713cb032378ab237908b4d20b0894264d081358c0c502b7773a3e21192fc4767e8512cdbb51d9950eb5c773687d3cc06323b29befded7a217bf67d4194fd794b66e888ef352301eab9e85c30a83f3b58a1452d744089ca5d66bc4dc7dced087006477e8fc7ee9be4fe0b46a7863bd6f7f10c1089e4b1154202099b2bb7f42e2dbdbade56341d76d4df129d6b801e7ef3820de0e9b4e31138e6aabbf219a1d2a6e321b91916dcccffec949cf6b369aac5acc2cc6662019b8f6381536a50c0b8e32e027df00eb6045008b95ed8f067ace0ef091d10e9c44fc7c518b054564882c4d9d8c7c361780188e98f370227bb6c1554372f9511605b47a37b6d416f37983981452920ea96504183b209d85ad4cc265a0319b721edb088ed349957700c52d08f54df28086538499801346de471df15590b57ab453ffc25ce8cd14d4369b8cbdd35608e1804b3a7475a65f7f115e5cf74cea6ccca462c5c7413c4e353169db3c1666f3d8653f1c2b8be1caadf3f93f93abf89fe99449fc8c73cfa4a25503b947056afa2af019c4a8b74e73c7696e41805d1a1c1d2f13b56b41876daa588d7e5876e98f6201df89a6a471a556081bb32c6ebe96b48bcaffaa5943e90dad814283bf39177f0cd9011f803e073b15388c2c3a0742da1326eb8a1ad253d78cf52528463682d2e52f6052669ba330755119c9a9b9136bfc8ae9941a9826a033183689772a43f8f645ceb28e853b6defda0c293b3021b2b9ab8e42067e439e9657258441ddf851059f8c7d9325a7f1dcc35fcc6f1ef6cf9ea2ce8ed96f8be29b909215ed3015a938f90fec71c1bb60d0c88ed145254fe2c672cb7a9d1f93ab0ce0566fc2500de578c7dcce7c134756c958b7e34f6e27b9db1db75769acfbfa726977c4a678b4f0c22957b254e63721df1566dcf9a159d8019231840f8c67c29efe24af08ec0e6e4e4dbf54f00592f09e0d1793ab4d2d98fea6b5f46b80ef73278f1b17a456bb149e4919df5fc4bc4dcb1d015345c8d8629160f921b833f9867ef81467d9206b83b28173ddb4f08a55bf7c2d460755d2d103f9becafd26bd3d4da0c04be43b4b8037cb88b2deea045c3ae07202b63d906412ae3b07c8c52b48797d0ced501a310c12feac1ad7f30d4a196465151613ec9495021cde09996b0b7a0810fd58ec540e4fb7306782499107995ce6d688e7822cafed7347a246d7aed95361a223d733f848cb8a079b3ba440f8cf45f6a05dc32bc08056b017128a471bf760ad3141eead0d60b6376bb08b421763bf087a212d07f084863f7f68bb6ebd6cd339330282da243c06a72b6f0c7921faf5719974b8b2d1131500903f3ac45a794a2ef99f2692d81bd241d6352ee26d6623c71043404f5e9ad68caf04671150846407bd3ff2c87b5609b1702cfa63f4bf787182f63e9b9667edb465219be2e23dd5a42f97b7d3b08da0623ca37dc55801cc2e0a7befd64b3776e2f6c7f7b2de7d63323ccdbd9d3d13cdbb46cf00418106aa47f593f44532fe89c7ed2acb9a3f3e8dac4c98e5d2c4f6548279adc9e15d93d1bab76b575198384c4bffa8e9c51fcfe65d01ccdf79717ea002ccdeb4c789e67d9cd34489eda4d70d9185deda3a971d5387d498aec8cb4dfeead6be04670b7bc3d0cc27108d4fdc", 0x1000}, {&(0x7f0000003480)="f69226d3aa79ad3990ca6601ff70f8013bc88b374c3d185f82e5494defb7a4c6be1b18597769b8c2a7593179aee29214d895041c125d999d205901af8f733ceed130a04ce42bca40c5340278b54c2a72e7264627b7615ea81718f35badda193dd8ef9862196f815d90648ce856bcddb9f71239f0fad180f15c2fb67a66810be32b16a45574197185c5908d206417d5a7b215c2cfdfd0a8fa14304efe363586ef40567f39956d84", 0xa7}, {&(0x7f0000003540)="a6c6a6db3db777808a176d8495021e69e9cc82c052a9", 0x16}], 0x9, 0x627, 0x3) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(r7, r7) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000003840)={{0x5, 0xfffffffe}, 0x100, './file0\x00'}) mount$9p_unix(&(0x7f0000003640)='./file0\x00', &(0x7f0000003680)='./file0\x00', &(0x7f00000037c0), 0x1000000, &(0x7f0000003700)={'trans=unix,', {[{@cache_mmap}, {@msize={'msize', 0x3d, 0x3}}], [{@obj_type={'obj_type', 0x3d, ',\'$)\x83\\'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'ethtool\x00'}}, {@uid_gt={'uid>', r7}}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, '(-'}}, {@dont_hash}, {@dont_measure}]}}) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r6, r5, 0x0, 0xfffffdef) ioctl$F2FS_IOC_GET_FEATURES(r6, 0x8004f50c, &(0x7f00000036c0)) 10:08:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 21) [ 1531.337219] loop4: detected capacity change from 0 to 40 [ 1531.345215] loop1: detected capacity change from 0 to 40 [ 1531.347553] loop5: detected capacity change from 0 to 40 [ 1531.384121] FAULT_INJECTION: forcing a failure. [ 1531.384121] name failslab, interval 1, probability 0, space 0, times 0 [ 1531.384911] CPU: 1 PID: 8238 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1531.385457] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1531.386004] Call Trace: [ 1531.386196] [ 1531.386359] dump_stack_lvl+0x8f/0xb7 [ 1531.386650] should_fail_ex.cold+0x5/0xa [ 1531.386942] should_failslab+0x9/0x20 [ 1531.387213] __kmem_cache_alloc_node+0x5b/0x400 [ 1531.387534] ? iter_file_splice_write+0x169/0xcb0 [ 1531.387892] ? iter_file_splice_write+0x169/0xcb0 [ 1531.388231] __kmalloc+0x46/0xc0 [ 1531.388476] iter_file_splice_write+0x169/0xcb0 [ 1531.388816] ? generic_file_splice_read+0x1bc/0x4d0 [ 1531.389175] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1531.389547] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1531.389653] loop6: detected capacity change from 0 to 40 [ 1531.389932] ? inode_security+0x105/0x140 [ 1531.389964] ? security_file_permission+0xb5/0xe0 [ 1531.391320] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1531.391703] direct_splice_actor+0x113/0x180 [ 1531.392031] splice_direct_to_actor+0x33a/0x8c0 [ 1531.392376] ? __pfx_direct_splice_actor+0x10/0x10 [ 1531.392742] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1531.393117] ? security_file_permission+0xb5/0xe0 [ 1531.393477] do_splice_direct+0x1bc/0x290 [ 1531.393789] ? __pfx_do_splice_direct+0x10/0x10 [ 1531.394146] ? lock_is_held_type+0xdb/0x130 [ 1531.394463] do_sendfile+0xb1d/0x1280 [ 1531.394757] ? __pfx_do_sendfile+0x10/0x10 [ 1531.395066] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1531.395442] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1531.395834] __x64_sys_sendfile64+0x248/0x2a0 [ 1531.396173] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1531.396537] ? syscall_enter_from_user_mode+0x21/0x50 [ 1531.396904] ? syscall_enter_from_user_mode+0x21/0x50 [ 1531.397283] do_syscall_64+0x3f/0x90 [ 1531.397558] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1531.397934] RIP: 0033:0x7f19d5d86b19 [ 1531.398203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1531.398568] loop2: detected capacity change from 0 to 40 [ 1531.399439] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1531.399457] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1531.399469] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1531.399479] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1531.399490] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1531.399500] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1531.403155] [ 1531.426535] FAT-fs (loop2): Unrecognized mount option "0xffffffffffffffffÿÿÿÿ" or missing value [ 1531.430266] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1531.489242] syz-executor.1: attempt to access beyond end of device [ 1531.489242] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.491076] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1531.505695] loop2: detected capacity change from 0 to 40 [ 1531.506733] FAT-fs (loop2): Unrecognized mount option "0xffffffffffffffffÿÿÿÿ" or missing value 10:08:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 22) [ 1531.544129] syz-executor.6: attempt to access beyond end of device [ 1531.544129] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.545906] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 1531.586507] loop5: detected capacity change from 0 to 40 10:08:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 19) [ 1531.661604] syz-executor.5: attempt to access beyond end of device [ 1531.661604] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.662478] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:08:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) statfs(&(0x7f0000000000)='./file1\x00', &(0x7f0000000180)=""/92) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) r2 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) io_uring_enter(r2, 0x2bd, 0x0, 0x0, 0x0, 0x0) ioctl$FIONCLEX(r2, 0x5450) io_uring_register$IORING_UNREGISTER_EVENTFD(r2, 0x5, 0x0, 0x0) 10:08:55 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:08:55 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1531.733819] syz-executor.4: attempt to access beyond end of device [ 1531.733819] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.735212] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1531.793729] loop1: detected capacity change from 0 to 40 [ 1531.824680] loop2: detected capacity change from 0 to 40 [ 1531.872292] syz-executor.1: attempt to access beyond end of device [ 1531.872292] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.874017] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1531.892705] syz-executor.2: attempt to access beyond end of device [ 1531.892705] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.893567] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1531.921030] syz-executor.2: attempt to access beyond end of device [ 1531.921030] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1531.921871] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1546.022977] loop2: detected capacity change from 0 to 40 [ 1546.053403] syz-executor.2: attempt to access beyond end of device [ 1546.053403] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.055074] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:09:10 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 23) 10:09:10 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:09:10 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:10 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:10 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x6, 0x4, &(0x7f0000001380)=[{&(0x7f0000000180)="cb4fdaa5194cc76d6a8aedc9e60e7b8a4120a5a911796131d3f7c90ce5d9efe011a04740568e85ce3c70638426d7d481149cc515086d2836771ab9028ef46f84cbd4ace543a680b8bfd71bde6fe5ef3a69be9ff510e178b067e9079e940cea0ce52874e32d7997c2c6a3687956fac3918541dc627037e2ca06410823850f", 0x7e, 0x4}, {&(0x7f0000000240)="3b6a07d699755343e72898208039aca8423517ba0c5bd74fca341b0010b69731aac201d41bc273e249e84df014f71651e828e2d44e561d1804ad4478f71e4bcbe4a0b1ddab71ccb356f8b91b1b288cbfcef372119e387ff44a34bd5664ffd355641585", 0x63, 0x4}, {&(0x7f00000002c0)="07f52178df0836852017c5ef6c47802a723f9154420162d4aad4c362a16eada32f3900e0d77d1e1b7fbe7d78b46a3fbcce8ea45343cdffc43eedb1eeb014705c064019e8c25a1dc474302bb0d72ce31609b45a96d892409ae9eec228bbc6ea250446f1b4e5a95c44c75aa8257df73e829ffa52f2f850f4ea87d717ac63a4170d95bea5597bdf5d47e7e3507206b21795d78bd601ff3551bd1de8ae95e23ccfa74f18ead6d871ea1713c6048b02c9f0a5e258303c1a1caa375f877b632e3518c50c161d6e80397a5e23909717cbfae6978979a9c8211a8834635c1ca822fe96faaf93d43c5dc7de363044036879ec8a74d2f58671f212fcc63c5d03d5eddc290a683b2aa6b31121c8ff1a2821ac215b2a65ca25f9d9f225ac4bf2696d46320baa9b9ed534d1fa160fa9822e74ccdc6e2e4a04e81fa9637cce4dfb4790a1b32be4bcd1527ffceb130119ec52021164dacabd8b5e2ea2bc2729473306b543b5e4473d4e5f20c1940b59ee6c2df3cd7a0369f1542097cd3170c9af5148710b8c72c8c4bf9ffc0372b225bd7ea023923d94f81e3506e5b00a652c835746d599de8798a97451ec0a6c5d883437a1b124d7ab547223c5d0197ef1a2d6eae2e3fae7b92a0fa1f7264dfb945a9f488f1af83a2024ab348b009cf9d03d25c7f9116dc6be781cca560b3859fc523aa464402e313787bd51e9959f9931e50dc9b956ac60142394522e33193547138048b9db25b711440b79f2c1d85ed3239c1add9c03f60aa81a79c23c4ac11b08819a4986854be0502292bc21ffb59bc7ec54f4fa2823d5284a662c75df7756efe0eb34c785ebe8e83a20d126d5600199bf2ebe94f9d45fe2bfde043e37d94147410d2372fdc3df5687cea2a1222468b62eb2cfcf617a1d33a2f134f814ec4df0872cc9fcdc4a4841566813e3c90336f0136e6d5038039a9a39371ec840cdced95caf071d027cf5904c040a297e4a074777f65f5d770ffdb09a64d7aa7a76c3b8fd7e0f5fdb386a58256193f07741e51b31b6f4f3be1047b5e3508e06e0fa40b821763affc3855c9604f3cb55408a16193be93a477cfdd9879fa828c2078ab044ab1154bc209c06f77bc58f494fc46da69bfcace7103d7c1d5b29e872fb52bcf7b43432a997e98e9322c441e456d3f67e659d426b851c458fe3f7cf1ae8ddeccb0cefbd6de7b397a81dd1d71f87dc3d934ce4c121a4aef6512465c78437f62800b4e84f6bb654ffc4ade5d7dd315c868d39aa7a69a4096d7af45c02739c393312385c279cacd0a968378a11dd5b90bb9aebcfbc6bb0072f0412a9e80fcfdd054fdd65707fb513cd58269766c18567f7160d63644bd3e6c432deac25ccbd8aa4f6b3a5ea2cd77b78ee05bbfba5dceb3f720945f01aeb4e002f18c55e97622967a39ad1d98730530865ebe9363e104526c410674bd4de4a1e060b55dfd5c29e134a51dc9a5f1e28514caa65794241f82c872f8df54ea4d9c7159873ebdc45e31e0cef2a16a42130622752e629846ccc90e2bfad45a06f5662ab5d78cf7a3d53253123cade709dbda303e1cd8d6eb319c3f995c5456acdfbd62cfa4c05f154cfefbedc06bfe7d8b5f302cb17279fe20b1ac51b91845361c1fc1a3d7021229f4c650727823100b58459900db17d0229370020672c5750bf82f8f4ce64fff155b2809b862096425798f06924e3d0be6fd077c47e9cfa6a5414f58d372ad69d9ac7ae382330d5610eb23d4b01804e48f02640d3a983744ba7f5ae1be039b310912adbc79ed342cd65348f57972ba8289b981a7a110722128acaed419d09b1760cdf1f837318854e50d3db6a0b167e5d20c9e58a41b03a126e1cd9ecb08210f3b804b02a063fedd0870e32ed772c63621e2aff4fc2e41dd5b569e64578e0ed0a7eac84b158f9ad0925cced669e29cd0f05546d601a5e115b6e764442ac098f94f8635e6f0bea826607d3f352f18a9554b5c2768aba88edd02455d34e2bb38a22f29f03cef94d3b1b3cef541fde7f5478f695cbcaa56aeeb71cfa143c88dccb65e015030c0f249a3e03572a16c6a58387cd9345cc8048413af14dea14cfeb6708b498d12bacce07b0bf53d9a2720f0707fa2054e8e29d9a7a6b7c2d32a804f4ea812438782fd020211c515de5a5f2170ea04cc5c7965b3ff2d49438a101803b7705a0e7f7df8287d725582213d903ca37dd04f52ce6d86358341505b91730e23ce7c4c0992f2bdd118de70adea7ac28ecdef777ba70f65ad81e873e4bb2d5c3c58c85ce9a219c6b4d28bdced12eae1ffe4fa4719519a4cd8b5343d2f8bc7dff8fae189fbe3db5bd3084c0c2efa8254bd18d25ea8efd0039263fcee98cc6dd66da38d3ce66b5d12d0f01877d25345538f6ee8281c27b3eedaa719f9ab297adf992cc1bc6ef9483da8b74bffef509164b7e7fa30e98d2558f673ada832562cb97d857bd5222d2402f1af0e44fb52bf68b4a14ce5eecbd30216871bc6d16129332a7545f287c6b149e4fffc40d3be325061d2282449fa58721e0a314462b49a5e36dc021e84be72c9e968bc4fe5d85d23eaa487c646693daecdbec1be55a3eb0a165fe8c3c195cbb3a720b7260073a6578d2632797691ca47785073b02eb185abcb917babf158eb2c3bf0daddfd6775bfd5e5da6ffdfa143aef61816ff6cdbe0242cdd6e27e4ad9ef21e5e2faedd0e3bda1f5993a2e06f77c82c4c5dac7372b81804d53e4ff0cdead0c03572bc60b8294085053823914ad2a6e278e8ccf506225fb7a37334dabc284713765e0539db64bdfee6397ce14da5de4902b902aaff99ab44e2de121a8255bb963b2e2d74aff8204c9ace470cabc0115370c3337b69b6197de9179c573af84c5e58c6db4c95670c283c1f29cde65acbba4913009518ae8be632258f53c43fc62437cd2b0dd1cd2db10106ee689328678fe376d9cd49ecdaf34319a811359b8aab2ec5bd576946b89b8653751fb7f635a5ee39a4080b2e50faf79ca0c7393dc593d76521a8de30685d06dc815571cda59854464fe156b2d203fe459edf61291bd44e3b2ad96fa6170230d29a0ebc11f7273464e8c60ef077c1e4192cd20c4d895613573c53209aa5f7fc4df8bfe727c3ee4873bd6e367befcc0ad3d2442db520cfa047bafba42620ae5c14084d7f8ab39b564957c2b6dbf46b1685f8ba970bd66209c5a9aacf4a6a3869cd6c101abc7bfb6525baf35216d259206934fdddd8cf12dbeee968d0a2ac08006bd9189628a3befdf37972fa8ff9d844030ebd50c1e5407a470909ac632d0b8a41be62a953a701ffbaf28dd868a5856e5328c1a9c2435874332b05c4d537eec2a10665425604fc689cdcd0eb9bed0cfaaecfe13355453469fc74872e114b727c3b3c454f5a1d69a81d916b4ec29e297eee2768810f64305c53a3d4b3955d1a7f63ac32b94e0408ef33956889100b158f6cebf7c9f7830299946b232b87c3dae97c82497684d29192164355aedc53bcb1bb628772abe7d09c284934ca33da4d720ab37488dcab38e5a0b395dcc852fd1d83f9b6ec72a912ca052765fd91fa4dffb9666832603722c0b5381b63e84f4076b9be3afaeb7cb16d2185721c929bd89143fa7ecf84bb47fba7e4f08a30594f7b34459540dd3b1a1c032c55d7b78de012c1e55c632e0ae8fa7cf208a257a70fe99d5b41b764e9e32f2c2fa285f9b54053b65fd481ba16b31ca7af95bbde5220055ff9405d8eb55cc343e87238f7c32a2c247bb63bff108f4869928c36b9f87e980c8f0085157f5437d32a62387b739f306c57bb91e99e48a73521edc18d88a0342774e1cd44fa32cdad8afeae41ac9168058ca3edff9c723b3e9d76527c81ba778944bc863c18aaf6b3be2185173a59983210d45517433b16eb09a0e69c37d99310ea159da4b1f9730f79233bf4cb83d0b891b5c7e399dd76b3cb36567453df672b8b72b5bcb64b7afc0958b508df4b8d6f78a561bedac5242b90bcee0c5ea6ac63882834ef545b8fb5a38816aadfb5638482c41ff479926374c5e330cc23a4650b7b7c67399014ada327c1530d8f11dc56ad76fd335f4f08e91f81b85852d5a987b33dac50cdf1a2050f7f3767e6528bde778f69004cb3503cb5e30131d0082d3be2cb77213f8ad751733ef063c582c0566e38542c177f0f2a6103cbde00e1f2592d007ed441137bd23be5c2f87c4b423a8db638d14162cfaa7e759a9b4ea74038e6bff83333056eb0c5cb889deffef5b3cf9317a4a5c0c7881f0ce42340b848c09b92e3b948a08ebac0bc3544b7b63c3f43a463a1aca02c09770334470a5bf0bcaf5bad4ae63371e2d7f7bd1a4f3c5be97501f7884e4861bd51b73509c49106f0f6ea51498e76ed6e605af0c959d1b05fd81104e02739fb424b805169a7fc395c3b6f37c80644988bd9c3742a1a225dcc73aedd9f5c51cae6be8aaaa24d05ca9a90a7617ae4cd708e5c3c145330e419a40582c26898c89986f59aaf90b76287d174b86da41b69b67d918d9a8f11e3c9139745fa82093907c95916959872af1f1b98259c3e0f46ac3ecce6fd811e5497522dafbb94885dbb2b67f6c4151882aa3c7beb45ed2e04a5b81cb66d5ec67bcbbbee21bf09c37c6f003cfb85801c870a84b454a996f8dd94f2eb578857c270259f7c2c7b8201efd6b0a8814abee5ecdeb12110e85ed4794eb7082644e0d972607c5f9d5a49bd22710e5929733fd4c6c69fa6fc3e0f3245fc20dfd6cf6f635dc416c44c029584a562f60e47f727a2ece29b7475b5b6da9b49756587741cec78b4cb120252d0a57df763c13037c709814ee83f296b93ead74dd33f74928aedda754340f2663c3f09f9004a4b4873f9dc48a1cc3a7216c3287e3d0e0c448f461be7099694ace6377edd7c60c259be3377ee4590ff7f8b96b6dd2f8bad2325aa4f06cc929559fc8d1830cbc0843f4f56c8db4a90da0088862a63cbaa9f5eaa67a46122cce4eb91a07e415b9b1ee73e66f4b6ad876643fe939acde33f2d5f4a02dcde79bd0881c0160707f6f6b7358938b5ca53a0fa01bd957dc211956b7ac70927266c6859e12ac1a324cc2da2c2938719ab463c57d08e4f2bd237dae1c7633eca7a9533bda0e4d0facd1b2dc3fa0f28ab1e5fa9a7064a35136022b3448baededf2c253fd816615607a5c17899ce7e77dd346426c04d3904175fcf5b7f4a8703656bc3ea36b1b9dc4c949f8b747d571bf4ca6b2e923bf4b22c77595a3b14a244aa3c20b3d11a9950bf6ac9bd6075ec8b7f782278cd5cb32bcf0ab63fd4ed73e1914461f36d9edcdc609d9bb9354f702b75e99674f40f3dcafda68c08d5d86f34706ce1cd524299511fb159655a30150dee75d5da398907fa57fcd3e936adf9212f074ef381e84c389b6427f9d5c5d1f922f8769f5a479007c246d3ddf33854ddd008f7025b8f8a1b51a82a075a809249b464a257ad47102f675b40839a00880e52d49968fb61930abf2c0e335f62e3ea484f2eeadc5498c165edb873b51bbd804d4b9b8c252a07390cc308a3fe02709abd914d362837eadba5beade7bd79a8f1d859930181090a5b7526b8f8cfbe1f4ec90411c02845e4fed96d74765ae4e0b5e00b8eb83127c09a142386a05262b68e2745b1956887f4359934d050317d6264404b8b24cb9e02302233cbe7779bf7f52f79838a5f0089b32a34dc0f4cc03d4aa0b82a89da304f46c3fef1d75148d24c7c12381b3f6906c1cf5cc065a9e97630f5f80b698620c085d7d35c9543f4e0710f74974d720c7f0316caf0d41cfa6f20ffee8b0cf856d4a9378e07581c", 0x1000, 0x33b41ac0}, {&(0x7f00000012c0)="7f1c53c96505e737aad63086433fe88f700000000000000000005c00abfaf42ed8a26c3c92aa64c0c9c10d376b9d6aa04aa1ec958ee3c085fb1d59731dc50c98c129f9a71752f88eff72eb4fa95001c19c1e96ebd20f59362dac019abf32fceac95f37cf600d16deccf59a38706a0c8cd340b436be7b5dd4fa37d6ca2c004096ba4d8589acc9defbda5bad691fb0f53f98a4724b7105a21a90f28e4b31ff9f5c60f363b93c18ddd648c9c0518d0000000000000000", 0xb5, 0x5}], 0x400c, &(0x7f0000001580)={[], [{@smackfsroot={'smackfsroot', 0x3d, ']+)(*-\'\'(%/['}}, {@obj_user={'obj_user', 0x3d, '&#'}}, {@dont_hash}, {@fsname={'fsname', 0x3d, 'obj_user'}}, {@seclabel}, {@dont_hash}, {@euid_eq={'euid', 0x3d, 0xee00}}, {@appraise_type}, {@seclabel}]}) link(&(0x7f0000001400)='./file0/file0\x00', &(0x7f0000001440)='./file1\x00') 10:09:10 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 20) [ 1546.093793] loop4: detected capacity change from 0 to 40 [ 1546.102581] loop1: detected capacity change from 0 to 40 [ 1546.106706] syz-executor.2: attempt to access beyond end of device [ 1546.106706] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.108351] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1546.115342] loop6: detected capacity change from 0 to 40 [ 1546.125691] loop5: detected capacity change from 0 to 40 [ 1546.152469] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1546.211637] syz-executor.6: attempt to access beyond end of device [ 1546.211637] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.213433] Buffer I/O error on dev loop6, logical block 10, lost async page write 10:09:10 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17, 0x25}, {0x0, 0x0, 0x4}], 0x410, &(0x7f0000000280)=ANY=[@ANYRES32=0x0, @ANYBLOB="270883adc196a583b987426ae3c7a2cd992ca5f3557c60174148ea5d0a504e696172b38cff2017b643bc3f1a356e59bc3da4c418e48569f89e45bdab8fa382b5c33a312d912a0e53fbfbe94c9d3cfab541333c3c77c96a6ec25c758acc79ac05eb39fcc805750213147dc2d0e661d8c69d34203db06a7ce4d1419be82503d8f311c1b627551a5d0491273d2b986fab07ceb9ea378ad0d01113e7d9ef22edd6090b1b6166ea67fc495a83d4b83c7184a475434c59bd52a5dbbbeef5541a3719d63f1414a62b3ace7d2d81ef8ab9dbe8b9962deac4e6d6b7f222e19f605fb7ae2454f237328c4194f3bacf78720a6163e607472eb4b18e9997d6aef41190a7", @ANYBLOB="c4045bbc214bb186f277f999da355c2721af9b00b925a5f5a5d7ecbbe4893feb2f177703aeb28dc442e3aa8f073a17c89941139915ffe4acdef4af8541fa2dfcf1da8394415a642f7510eaacd0393c0248c4ddf76f25e9aea86509fc927c9259b37eae4119e4fa6050a7a78a6cd60cf84ff339e0e24c4adcd4ce4f74c293edd285f1e50d93e63b012a6e88dbb2806190d6cbec010fe0889dab4818c10d66541f3f92b171d55f60a026185ca6f85f8c7b74204eb6d4479dfbdea8f84563568f3bd8c3688ede25f59f51cb26e09236a37128012842606f3556ae30e805ccb195394797fa0e20164236cf0fabc5594e323848d01f2bbfd127f356117a", @ANYRESHEX=0x0, @ANYRESHEX, @ANYBLOB="0e859c0eadcb1c789e0b2a74bb327ad7aba66baaa89b32c0a8c89dc3821910e5eb2b281e1a39207572c164de1ec716caa4a2df4d", @ANYRES64=r0, @ANYRES16=r0, @ANYRESDEC=r1]) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 1546.285737] syz-executor.1: attempt to access beyond end of device [ 1546.285737] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.287308] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1546.302313] syz-executor.5: attempt to access beyond end of device [ 1546.302313] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.304047] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:09:10 executing program 6: chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 21) 10:09:10 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 24) [ 1546.430837] FAT-fs (loop2): bogus number of reserved sectors [ 1546.431756] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1546.541854] syz-executor.4: attempt to access beyond end of device [ 1546.541854] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.544015] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1546.567449] FAT-fs (loop2): bogus number of reserved sectors [ 1546.568356] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1546.601524] loop1: detected capacity change from 0 to 40 [ 1546.655492] loop5: detected capacity change from 0 to 40 10:09:10 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1546.729087] syz-executor.1: attempt to access beyond end of device [ 1546.729087] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.731034] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1546.738683] loop4: detected capacity change from 0 to 40 [ 1546.774206] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 10:09:10 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file1\x00', 0x602, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_register$IORING_UNREGISTER_EVENTFD(r1, 0x5, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) [ 1546.852965] syz-executor.5: attempt to access beyond end of device [ 1546.852965] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.856226] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1546.936569] syz-executor.4: attempt to access beyond end of device [ 1546.936569] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1546.938478] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:09:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 22) [ 1547.003930] loop2: detected capacity change from 0 to 40 [ 1547.195046] loop1: detected capacity change from 0 to 40 [ 1547.213160] syz-executor.2: attempt to access beyond end of device [ 1547.213160] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1547.214758] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:09:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 25) 10:09:24 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:24 executing program 6: chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 23) 10:09:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08000100000000"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:24 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:24 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f00000000c0)='./file0\x00', 0x10080, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') openat2(r2, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18, r3, {r5}}, './file1\x00'}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0x14000, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x7) write$binfmt_aout(r7, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r7, r1, 0x0, 0xfffffdef) 10:09:24 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), 0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1560.453595] loop1: detected capacity change from 0 to 40 [ 1560.475651] bio_check_eod: 2 callbacks suppressed [ 1560.475662] syz-executor.1: attempt to access beyond end of device [ 1560.475662] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1560.477165] buffer_io_error: 2 callbacks suppressed [ 1560.477174] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1560.503635] loop2: detected capacity change from 0 to 40 [ 1560.506623] loop5: detected capacity change from 0 to 40 10:09:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 24) [ 1560.554326] loop4: detected capacity change from 0 to 40 [ 1560.570016] syz-executor.5: attempt to access beyond end of device [ 1560.570016] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1560.571173] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1560.596092] syz-executor.2: attempt to access beyond end of device [ 1560.596092] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1560.597313] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1560.631809] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1560.634165] loop1: detected capacity change from 0 to 40 10:09:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 26) 10:09:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f0000000000)) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1560.752259] syz-executor.1: attempt to access beyond end of device [ 1560.752259] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1560.753501] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1560.825638] loop5: detected capacity change from 0 to 40 [ 1560.855493] syz-executor.4: attempt to access beyond end of device [ 1560.855493] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1560.856814] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:09:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 25) 10:09:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08000100000000"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1560.937629] loop2: detected capacity change from 0 to 40 [ 1560.944360] loop4: detected capacity change from 0 to 40 [ 1560.972183] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1561.017672] syz-executor.5: attempt to access beyond end of device [ 1561.017672] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1561.019383] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1561.037779] syz-executor.2: attempt to access beyond end of device [ 1561.037779] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1561.038942] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1561.072866] syz-executor.2: attempt to access beyond end of device [ 1561.072866] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1561.074095] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:09:25 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000001600)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r5}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0xe8, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) 10:09:25 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), 0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:09:25 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1561.161229] loop1: detected capacity change from 0 to 40 10:09:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 27) [ 1561.287792] syz-executor.1: attempt to access beyond end of device [ 1561.287792] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1561.289784] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1561.378329] loop2: detected capacity change from 0 to 40 [ 1561.400726] loop5: detected capacity change from 0 to 40 [ 1561.450168] syz-executor.5: attempt to access beyond end of device [ 1561.450168] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1561.451316] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:09:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 28) 10:09:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 26) 10:09:25 executing program 6: chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1561.566414] loop5: detected capacity change from 0 to 40 [ 1561.614062] loop1: detected capacity change from 0 to 40 10:09:42 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 27) 10:09:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 29) 10:09:42 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:42 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08000100000000"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:42 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:42 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), 0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1578.512989] loop6: detected capacity change from 0 to 40 10:09:42 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:42 executing program 2: r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x44, r0, 0x18, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x81}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008080}, 0x2000c090) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ASSOCIATE_REQ(r3, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)={&(0x7f00000013c0)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_CHANNEL={0x5}]}, 0x24}}, 0x0) openat(r2, &(0x7f0000000400)='./file1\x00', 0x40003, 0x11c) sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, r0, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x1e}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xc1cbbd66dad2dcad}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x4) [ 1578.536357] loop5: detected capacity change from 0 to 40 [ 1578.538463] loop2: detected capacity change from 0 to 40 [ 1578.613267] loop1: detected capacity change from 0 to 40 [ 1578.622136] loop4: detected capacity change from 0 to 40 [ 1578.678284] bio_check_eod: 4 callbacks suppressed [ 1578.678306] syz-executor.5: attempt to access beyond end of device [ 1578.678306] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1578.681182] buffer_io_error: 4 callbacks suppressed [ 1578.681199] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1578.682780] syz-executor.2: attempt to access beyond end of device [ 1578.682780] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1578.684948] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1578.741699] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1578.784152] syz-executor.2: attempt to access beyond end of device [ 1578.784152] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1578.785872] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1578.796683] syz-executor.1: attempt to access beyond end of device [ 1578.796683] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1578.798520] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:09:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 30) [ 1579.085682] loop5: detected capacity change from 0 to 40 [ 1579.197128] syz-executor.5: attempt to access beyond end of device [ 1579.197128] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1579.198881] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1579.335515] syz-executor.4: attempt to access beyond end of device [ 1579.335515] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1579.336864] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:09:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 31) 10:09:58 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x0, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:09:58 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:58 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:58 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08000100000000000400"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:09:58 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 28) [ 1594.963228] loop6: detected capacity change from 0 to 40 [ 1594.972089] loop5: detected capacity change from 0 to 40 [ 1594.999144] loop1: detected capacity change from 0 to 40 [ 1595.004122] loop4: detected capacity change from 0 to 40 10:09:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_io_uring_setup(0x2074, &(0x7f0000000180)={0x0, 0x77b6, 0x10, 0x1, 0x395, 0x0, r1}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000f5a000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000240)) syz_io_uring_setup(0x137, &(0x7f00000001c0), &(0x7f0000800000/0x800000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000240)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001840)=ANY=[@ANYRES16=r4, @ANYRES32=0x0, @ANYRESDEC=r2, @ANYBLOB="ff01ebffffff0000040000000000000100000000320000009f93d7020000000000000000000000000000000000020000000000000000002000000000000000000000000000000000da0000f5ff000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480002007863962b15ef7eaa956c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00170000000000000000000000000000000000000000000000000000000000000000e3debc3f38dd1ca2aaef108e651d000000005eeac0e8ec5d447fecde06001de1e587eb0e76d193ad3800000000000000000000000000000000b07b62c237c058ab7bc93b970a0fee5aefbc57f89f1bcc41562773ba827585c6867fceaba7b1ef4dbe0dbe424a2fb2c45e96dd000bfd22fea5e75257531b1172b2adff9f85b5b58cd0e81fda1faaa9e0585b43e6eb7f6dc73d0a0a9ec90a41ba15c0eb2989ca9205091a988c881c0a971077450000000000000000000000000000002fbc94f2086e3b4421ffca2db1ccfa0f5df920e1a8e4ac66dc36f0e614120ba25fe4a7b21664a4fd64adb0c97e35d579d3183c62be43655fc69a3ec15de581c86309bdddc6b807a7e31a9f3cedf0cf0b45d68d06dc2bf41c9817572e79bbdc"], 0x154}}, 0x0) openat(r1, &(0x7f0000000000)='./file1/file0\x00', 0x80800, 0x81) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) getresgid(&(0x7f0000002f40), &(0x7f0000002f80)=0x0, &(0x7f0000002fc0)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003000)={0x0, 0x0}, &(0x7f0000003040)=0xc) syz_mount_image$iso9660(&(0x7f0000001800), &(0x7f00000003c0)='./file1/file0\x00', 0x7, 0x4, &(0x7f0000001780)=[{&(0x7f0000000640)="048bf0afdb43a52b58122a9f83ceea5dc592da576522a4d75e2e1aa3b7d477fd62b5da9ce0452d6a9f8dd7d730436b5cf2242332cb24791e403c0b6a1a64ac5b", 0x40, 0x100}, {&(0x7f0000000680)="c365c761379dc31747a27ada13b841e2fd49be211b93f38280647fa1f68191546106239292a3625fd7fa209cfb1a696a908e1848f0a57cac3078383205694ce53daad22563648f393b5fbb037dc52f373c184495ad345355e65cfe3ea731e6cb72e16d3cda5d527afd8e6c907dd78c007f4887eb7c1488a116a9129d3f24a00d1b5a938fab52", 0x86, 0x4}, {&(0x7f0000000740)="7c2cc3c5", 0x4, 0x3ff}, {&(0x7f0000000780)="0677137f948ab43bc2b505141dbf5ef181da608332c22cee06e4a13382772f222637ce8cbd94d64d6f7b448f33500fb8378e9326b6a69867d9d6f10405335005a633046fe460f13f0aba5d6f30b049445f07e9310042f2ded8c7c236489611769fef7869f3b71e07f5cfcea3d6ce94d876b4168acbac71932ac8d257cff4beb67bca140f2a300cc4624fb98b5ad27818de06b84e796ccc8eef50aea4d0fe088c4e632ed38503d65cb387ac52eeddb2041d6ca5bc37870e85086df2e3d42e97ae99fe8aafc400c2a42c7f717977ca216e98a88fd7d92fb5798bff578f8600a8a42c943e037cad4568dc62f4cb1d7b11e1d07fa0b7ada6b60a354830bc1e07df3ffc9ca0bdf4b3066d7959b65dd90457c051214152eedb4892a5988176869215a1ae08cc8f2d8d51fbfa3a8422867fe387bee98a8e8f31d97756be6e520d06edb5893aa045bf80b1f3a53233d177933d233bbddaba6deda45957f3f8f704fe8f9c0b5b546fe5f90aed2302101e4bc6fb3fb6be1144810ce9a26ce21e0fa762be43b3b95941e2ded61017f9b32f1c61cf161c9d6feb6e584ab07b37c6b6ee0fac14f9243322ee0743a3be32bb0b96f5213b5872dd4d14c20f4077183408393851620a07657242fbedd5e73f0ab5fa1cd01188acb7cc92c14a81c6471364fcf72fa10f8f2a212b3a36d90b1da3baee5efbc84128aea76d0c3c5db1cd0770774ef44a13d5e8ec9deb51883099adbff659669a437a61d0f531cc4a03268d09b3bf6055fef852281e61bdb5ce7ff5d4f1842081322ce0598facd5d8e6774f0cc39c28f524fd0d2a9caa8c6d06021120e2919664028eb7cd09844d075ddcc6b3572550439b4e3d6f452228660f5d0716b663ef11766bde873212e711d1c43592967ae82277844aced8585a581db0725260b71af6d147e010e77b46b0e708feb8636d677649200d534c6098546ad9a6f66738540c1ce3553465e0e51c6b816803a1a86bc12bd0dcd00532c9040f46bb0bd7cd10c7162091311fb48e189db996d9aab8d34bdc9cbce2fc9f86add17fd36d3774100ea8c7dda38df7c92529bac274b8f6eb492c6ffb34aa4469f0e55e1ff64e2a5311b6b9912074ab7059f6227d82ed8d070099cd2a25d1b8d5f8ca749f04d4d42df9fe8dcf2c57d3da48b5260f7cd499284d15702f5d06d515b23bda426d87d57df874c5b5bbd153b5c2b536bf2f27c2d19300a34cab810ff2c66014399fb7afe5a264dca12b4a8db4cdff90d48da8cc049e1a42fb0b14830de24b55e6bb117a02a60b0113da00b2cfb1178c037f584e6ca331728d9f90996eebe31bd9754ca091a23324db7b40f1b9ef4763d0aaf5f6d45f6770523b2e6fcd081e7ba0b4c99ce721803c155dddefd436e62e56636d9511c4817062740ff6c5a51251e9b33b79cfefe94b882a3a464f02e49736c17de3890932dbeacbaad19a8857e4c55869da3243bc09bd0ff6b984e1081a66582e9f8c5e191c2cd41b6180579801d7779ebe9f90ad519abce71b3a9c40ddd99bfc03763d8828aefa668eade66659e1fddbcf626975c4179d6a4332c77f434bbabb7c2091ce5db252a622dce55b63f6b6898e5c140d627441dc4e59f5eded1eec5f1805e49ab705c08d0842834df564c612c94d37cbfa9b8bb8ea5bf35a9b61aa573a6f27a3192cb0848c1fd6b428ace511efb26f32e8409624dea0ccc8a9ce319a9de32cf17093209d6857c94d4f7a870de5084acb46f7844d16809fcc530e362eb1be5fa6ca0bedb63747f2e65980b61a878ce30b61814af055a6acae100a4c20a2ef1810f69fd48ad39bbadc8a8e9df9d1efa5ec88104fac90ed0609c0e86600d59b5d1398d9c341c0bd9427c4253d263f67a37fab4d4b88a97a1e102fda813071097c2d6a33965c6ec80b1b134a10100c111e0565cc3cf230b3d6a128cd99f4c6198fd970f8c2e1d33318259f3999e40f8ed64a5f7e26fe167cd207d9e5e444918ff6e2388845fab24723698df2f2c18d1103716ae35d936750f8aa5c7239603b1763a7fb58a260ce9c97ce9d08e97fd533e4ec58d4fe03394ed50d7358d4a7e382b3137e94c2a516a400e1014986e1803f4809939cdead5236575a22dd22531284228dc6520c085bf9ccf4b30e20b13158ca61baa40ba085e85f7eead8d904872bbe55980112e45f4189c7888556ecb145233ceb72dfc644c2e31eac358393ce3057153ec33ebe79980b82aa74b203e8f71b9a28f6b7b216f6a4c27e2792d33803e814e11f5c424d4f8c70fae216fbff60f2c7b5946edcab70ada351d5c7f3991544faef31770e8db80bbb678137732609d5989780ee7b65b53c328cf76839716ea7f3773499887f6d15d3df5084a2e3213c487cf47061344e87014329eef638ca992c20654aeb414eb7518b594d09c2a58c27bf98c2e693951cda1a57c4669f6701429eab7a21df1eaa390429e16304f7901687bf7110ff0b92eeffeea89ee664da000f5329e6f0d6834cbfe8efeca1494f1d29520bf6644e5367565d665b2058fce38e6b2997c05c9c882bd0eac8b7f75da7962f25f0842b093396b920f3d0de3793d00b0f481d0e1032983443689c18fc9d0dc311553f18655f90e0a364c2489de6a516aceefa08ddfd4234421a601b0f4a952c10b2e9fafe9c7a4602b9eb1871e9678a1f4178664d3731efcf98e33e02cc0b3edd07fb93c2cba3ce820d0f841d6d725ac2ae39fadd0057ca1ea7a015ed5240c2bc43029e7e44ae6180f5ac5f4ea67b1250de2a406a9b4b5339fa0857cffff85d577a9e17efdf1f244e1322517ffd20817a961aabbbbb13b43cd3f476b261c0c5a9919db226831ee86d72f2fbdac89ecdba245722751fe0f1af36afead644e46ce79136e980e0bef8482b0304f14a75ccb2d992fb1df07040dd3c8e054455b88c6e63e5956910e0ff77cd4a6b0adb3b58d43c95850d0b7c1c9aa13219e7cb30aeb9627e7568330fbb8755ecbea6c2f019cc6c4e0c0d186db192d4bc8ca9588bb0b732d75986c7d61b39ca461e70a84ba7106ff473c18622d033b4fe0e555c5b465064045b84f96db4839dc93b5440904afd57a007156c4055d16b042a1e4663290cd8a5debc5b28ea9e56ab8929cf729d050a938f0e7826c55c80569f27043beaeffc4fd7e3bc701347d3104c51bf31706be433aad257615798751df7ea167e0ffde04b56de47b37cedae419c692995594d28feb38605d3a38b51942f4357bc0e2eee73df24b848cfe8e7014916f7aa2e5828e0ee3a0b390c010bd0902cb0e337b2466fafd5374734a67ca39048e30032ae4e828fcf6d3ac2637cc5da81929bad69d34827740cf925ba81050c19f61e5a94a93801c1271bffa7289f3cdbcf15fb0f30bba1746376d40cb32cb86f38c3b547778e73e1b198c0e4f0c2a4c507d77197959bfda6574042c3039236a225676b8e6e73158d1c2eb01d1fb5c5d96104a29f3d6f0666a54de3b993b3a211c35d101806e182dcff906b05fe71bad3bffb8250ee05912b88be297e4898c7898e8f5b2b67629c0f14ab3fac2b1212195dfd0f786778f6757525e464a7f93a645d7140bd37da28573611d1238ec32feeaaec529d50c67cf73467549838b1e3d6bf6a0ded592edd7b6f0c82caf03fd1490f5402a9f740d0cd5a308820235d508e4c315ecdcdf22a6ae9ec84089bf355f209a8aac44c01a813ed56a83556789fa2206055d1c1f6bd4755fea85c6a6bdc51fd6306ebcb92b8e18020642aab2d9087509bc8d4a22bd992e4a453119bb8710e28c532182d0df884c2b1108e2e5ccd7f015fabad2c1aa8092374dae3f61d7a01d2d321ce0ce3db489dd7b5060add5b88c97bd00fed497d1fd457dfb775205dfa9d731443ef60684ab31bc9364b1de2621e660bf14461c6174e59f2dd7d56ed24e4d5e0c030c2e6967cc92fdc75666653aaa7fb66186e8d62b5cbf64f69d21781c8877e18631597847f21b028ce17edfe6147f15d30dfd5f51df9c4d5efd7d9e812a9590a3c30119aeb825356da3d90907a7fbfe6dda112272fb2c8fd3d1b48670c5b2f3e1923d0711d65da324a375d7f8862f6d3c2ff87aee791e2f9c985bbf65f2f8e4445a01a769024e6905db481d3fb2cbb2ecbb9cdc41b8c226ffb3b59406a884e0e43520011da194acfb52c01550e5b73819abddc65be84158c5309de5f1bafc87ff5548fb402492e5be9033671202d67ca060ea503639c7fdea546b92b9dc48b00cb8ebde095a96392e42e8f96bd52bb8cd163411ae273ffbaf8efe3e93a90fea08c42081e57901cf670b3f8128c50644f33455003c42ce74e923b3fc8584c4638d61ed533b099848a030be3daded99f85fae5f29614eb26ae9a89eaacfae397df62c10b5db447780c6db76068776dd5c16cd93f26452b2e7e68ed56ed8e89f8265ed317884c13176ff67880a5d84c196619427a0783ef8868f67926076bdaff479a3ff6bc153b291aabac5c7a616d1ce773221b898213efd7cf2efd9127fdd5b36f9c8728f4a4ac45cd4ccaa672c9561b016ebce9fd5e21e6c30a1e0afeb91fbf8242d0cabc66b96b04f3acfebf71818975b39be4b2aba599c6c65434d42618335dbff02523c7c72b0b36cd09c765992e2ca420a285e8baff4b563cb75bf06ae899cae703cbf2022e16c56fe549e53d2bbb344b2c9232741313eab4cbe5ad1e71330f8deedb7a32f12beec30943285c3381533daa8a8f51faaa6105804ef31c8ee56230a5b1dd2172cc7ceb091305d5dc4129d959b6a625f5625adb453e582e0584536fbbef7408a4e5ce41019489f01095ec36cd54426380420df9492c57657d7cb0c6fa2834175780e378874f5c3730266f3514b6d91119f285956e24bb77591884bc070cd569c91460bf7810e7e4b25481c3b6dbbda1ea6115b3d602a108703fd2e0da4ed7916c1e218aa66df58ce2be0af1b85b9e6083f1c0ea0c2d4eb5c62a90292c08993b034d489950609055e4ec2b830cb24537c367657638921574dd802cb5fabbd0b86f2c4cab4b12ce7104a6762fa688e07f5537f4258b95126533804ae94d75c18e5e164a5bd5f84d78257fd813f18a5b58d737e41a61cdce2927c23f34d354ee2235293af7c3d2097feef2267c1219b1981962b066269911a6621e494731ead39c95a85b6d6796a2a8624ad55734e7d6c39adf2496994edbc2c62f6b1fe666d9cd668c25e8d822cbdc5f626e47dbe64fe3b2e06a90726be63c9af132cde95b2ee67ed053ed0cdcf97ce43257ab02333b54d1b76b4e4d01080e43856b0a0fcaf22d9762e1ba8c221c0821b2bad964c9d74087e64428f5816d3c2721b5c607f485b80c304d3b4b794a3628e9461aac3ff8700b324bd9c14e3543c480735478b05f8b040f310be901e831754b3d16b359ddb67b7a4a56aa04328ef4467741ec0c414c8348e3f3e5fc169cdae71b2e9cf81b5b55246b7e30fb1180d5e470fe37b95286640d05eee1c667fc55cce3e1b9bb0eee6d8b66f252b33cf219b8d92a48051bdfafdfd295b00cd73d62976975da645fe7b0805d275314b413db72d8c332ae1ac8ef89a32ed9c2aa0e44196d15aa76b7d477c792a636cb3f5ac1c29213f9b907c1af2ecc74a47840c37dc3cb8b8390802448d9ab982c650bfe0138a2139b773bdf399ff86ce3d7f219a430bb385e522d736fa55c2ae6e3889984d279b40298e12ec06b5fcb7851b99d629657c97de1059eaa91c5bc5f06f1a34eada64e2682a8c2856cf1c3eaa832e89845432a2f365149ec19c2070d8b095870472b17648bea4ad49c04f1c3", 0x1000, 0x4}], 0x800, &(0x7f0000003080)={[{@sbsector={'sbsector', 0x3d, 0x2e4131e3}}, {@nojoliet}, {@uid}, {@block={'block', 0x3d, 0x400}}, {@session={'session', 0x3d, 0x57}}, {@gid={'gid', 0x3d, r6}}, {@hide}, {@nocompress}, {@nocompress}, {@overriderock}], [{@uid_eq={'uid', 0x3d, 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '\\}#*'}}, {@fowner_gt={'fowner>', 0xee01}}, {@obj_user={'obj_user', 0x3d, 'vfat\x00'}}, {@euid_gt={'euid>', 0xee01}}, {@dont_hash}, {@uid_lt={'uid<', r7}}, {@appraise_type}, {@mask={'mask', 0x3d, 'MAY_READ'}}]}) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000340)={{0x1, 0x1, 0x18, r8}, './file1\x00'}) [ 1595.068212] loop2: detected capacity change from 0 to 40 [ 1595.116357] syz-executor.5: attempt to access beyond end of device [ 1595.116357] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.118199] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1595.164784] syz-executor.1: attempt to access beyond end of device [ 1595.164784] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.166770] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1595.221449] syz-executor.2: attempt to access beyond end of device [ 1595.221449] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.223251] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1595.321557] syz-executor.2: attempt to access beyond end of device [ 1595.321557] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.323145] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:09:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 32) 10:09:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 29) 10:09:59 executing program 2: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x109000, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000240)) perf_event_open(&(0x7f0000000180)={0x6, 0x80, 0x7f, 0x0, 0x5, 0x3, 0x0, 0x3f, 0x20808, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3ff, 0x4, @perf_bp={&(0x7f0000000000), 0x8}, 0x28, 0xffff, 0x8, 0x6, 0x7, 0x0, 0xabe, 0x0, 0x1, 0x0, 0x1}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0xa) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) [ 1595.479667] loop5: detected capacity change from 0 to 40 [ 1595.658570] loop2: detected capacity change from 0 to 40 [ 1595.675338] loop1: detected capacity change from 0 to 40 [ 1595.687398] syz-executor.5: attempt to access beyond end of device [ 1595.687398] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.689099] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:09:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 33) [ 1595.860212] syz-executor.2: attempt to access beyond end of device [ 1595.860212] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.861974] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1595.890103] syz-executor.1: attempt to access beyond end of device [ 1595.890103] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1595.891714] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1595.945344] loop5: detected capacity change from 0 to 40 10:09:59 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:09:59 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08000100000000000400"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:00 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1596.033933] syz-executor.5: attempt to access beyond end of device [ 1596.033933] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1596.035796] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:10:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 30) 10:10:00 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:00 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x0, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1596.158906] loop6: detected capacity change from 0 to 40 [ 1596.160797] loop1: detected capacity change from 0 to 40 10:10:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 34) 10:10:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_flowlabel\x00') clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000240)) utimensat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={{r1, r2/1000+10000}, {0x0, 0xea60}}, 0x0) chdir(&(0x7f0000000140)='./file0\x00') syz_io_uring_setup(0x137, &(0x7f00000001c0), &(0x7f0000800000/0x800000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000240)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000280)=@IORING_OP_POLL_REMOVE={0x7, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x101042, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r6, r5, 0x0, 0xfffffdef) [ 1596.182413] loop4: detected capacity change from 0 to 40 [ 1596.298345] syz-executor.1: attempt to access beyond end of device [ 1596.298345] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1596.300121] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:10:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 31) [ 1596.373244] loop5: detected capacity change from 0 to 40 [ 1596.373344] loop2: detected capacity change from 0 to 40 [ 1596.551354] syz-executor.5: attempt to access beyond end of device [ 1596.551354] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1596.552969] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1596.639713] loop1: detected capacity change from 0 to 40 10:10:00 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f08000100000000000400"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x800) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3f, 0x1}}, './file1\x00'}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f00000000c0)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) 10:10:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 35) [ 1596.942139] loop4: detected capacity change from 0 to 40 [ 1596.957919] loop2: detected capacity change from 0 to 40 10:10:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 32) 10:10:01 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1597.073231] loop5: detected capacity change from 0 to 40 10:10:01 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x0, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1597.231520] loop1: detected capacity change from 0 to 40 [ 1611.811576] loop1: detected capacity change from 0 to 40 [ 1611.815202] loop6: detected capacity change from 0 to 40 10:10:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0x0, 0xee01}}, './file0\x00'}) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r3) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2) sendfile(r1, r0, 0x0, 0xfffffdef) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x54, 0x0, 0x8, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xac15}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x88}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, '\x00', 0x35}}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x47}]}, 0x54}, 0x1, 0x0, 0x0, 0x20048000}, 0x4010) 10:10:15 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:15 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 33) 10:10:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 36) 10:10:15 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f0800010000000000040001"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:15 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1611.831695] loop4: detected capacity change from 0 to 40 10:10:15 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1611.923575] loop5: detected capacity change from 0 to 40 [ 1611.930622] loop2: detected capacity change from 0 to 40 [ 1611.957613] bio_check_eod: 7 callbacks suppressed [ 1611.957625] syz-executor.1: attempt to access beyond end of device [ 1611.957625] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1611.959099] buffer_io_error: 7 callbacks suppressed [ 1611.959109] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1611.963511] perf: interrupt took too long (4987 > 4975), lowering kernel.perf_event_max_sample_rate to 40000 [ 1612.038165] syz-executor.5: attempt to access beyond end of device [ 1612.038165] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1612.039164] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1612.071448] syz-executor.2: attempt to access beyond end of device [ 1612.071448] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1612.072494] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1612.278102] syz-executor.4: attempt to access beyond end of device [ 1612.278102] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1612.280137] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:10:32 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:32 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 34) 10:10:32 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f0800010000000000040001"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 37) 10:10:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') setxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v1={0x1000000, [{0x3, 0x80}]}, 0xc, 0x3) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) readlinkat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)=""/234, 0xea) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:32 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:32 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1628.814235] loop4: detected capacity change from 0 to 40 [ 1628.814774] loop6: detected capacity change from 0 to 40 [ 1628.842120] loop1: detected capacity change from 0 to 40 [ 1628.862370] loop5: detected capacity change from 0 to 40 [ 1628.878192] loop2: detected capacity change from 0 to 40 [ 1629.047314] syz-executor.1: attempt to access beyond end of device [ 1629.047314] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.048943] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1629.064386] syz-executor.5: attempt to access beyond end of device [ 1629.064386] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.066297] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1629.107026] syz-executor.2: attempt to access beyond end of device [ 1629.107026] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.108734] Buffer I/O error on dev loop2, logical block 10, lost async page write 10:10:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 35) [ 1629.273962] syz-executor.4: attempt to access beyond end of device [ 1629.273962] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.275952] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:10:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x20000800000, 0x0, &(0x7f0000000200), 0x2001c, &(0x7f0000000000)=ANY=[]) mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f00000000c0)='\x00', &(0x7f0000000180)='ubifs\x00', 0x10, &(0x7f00000001c0)='vfat\x00') chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 38) 10:10:33 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f0800010000000000040001"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1629.445957] loop2: detected capacity change from 0 to 264192 [ 1629.482098] loop5: detected capacity change from 0 to 40 [ 1629.516455] loop1: detected capacity change from 0 to 40 [ 1629.612644] loop4: detected capacity change from 0 to 40 [ 1629.629365] syz-executor.5: attempt to access beyond end of device [ 1629.629365] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.631056] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:10:33 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1629.711812] syz-executor.1: attempt to access beyond end of device [ 1629.711812] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.713606] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:10:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 36) 10:10:33 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:10:33 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:33 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1629.879359] loop1: detected capacity change from 0 to 40 10:10:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 39) [ 1629.968958] syz-executor.1: attempt to access beyond end of device [ 1629.968958] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1629.970647] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1630.034023] loop5: detected capacity change from 0 to 40 [ 1630.055061] loop6: detected capacity change from 0 to 40 [ 1630.173314] FAULT_INJECTION: forcing a failure. [ 1630.173314] name failslab, interval 1, probability 0, space 0, times 0 [ 1630.175240] CPU: 1 PID: 8573 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1630.176428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1630.177548] Call Trace: [ 1630.177895] [ 1630.178207] dump_stack_lvl+0x8f/0xb7 [ 1630.178733] should_fail_ex.cold+0x5/0xa [ 1630.179270] ? fat_cache_add.part.0+0x5b4/0xb50 [ 1630.179881] should_failslab+0x9/0x20 [ 1630.180394] kmem_cache_alloc+0x5a/0x410 [ 1630.180968] fat_cache_add.part.0+0x5b4/0xb50 [ 1630.181576] fat_get_cluster+0x922/0xd40 [ 1630.182126] ? __pfx_fat_get_cluster+0x10/0x10 [ 1630.182774] fat_get_mapped_cluster+0x216/0x450 [ 1630.183388] ? __pfx_fat_get_mapped_cluster+0x10/0x10 [ 1630.184063] ? mark_lock.part.0+0xef/0x2f70 [ 1630.184684] fat_bmap+0x1fc/0x460 [ 1630.185191] fat_get_block+0x33e/0x930 [ 1630.185769] ? __pfx_fat_get_block+0x10/0x10 [ 1630.186383] ? lock_is_held_type+0xdb/0x130 [ 1630.186988] __block_write_begin_int+0x380/0x13d0 10:10:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 37) [ 1630.187639] ? __pfx_fat_get_block+0x10/0x10 [ 1630.188421] ? __pfx___block_write_begin_int+0x10/0x10 [ 1630.189121] ? PageHeadHuge+0x169/0x1b0 [ 1630.189679] ? __pfx_fat_get_block+0x10/0x10 [ 1630.190276] block_write_begin+0xb9/0x450 [ 1630.190839] cont_write_begin+0x4fe/0x700 [ 1630.191402] ? lock_is_held_type+0xdb/0x130 [ 1630.191988] ? __pfx_fat_get_block+0x10/0x10 [ 1630.192588] ? __pfx_cont_write_begin+0x10/0x10 [ 1630.193212] ? lock_release+0x3b6/0x750 [ 1630.193749] ? __mark_inode_dirty+0x5a6/0xe70 [ 1630.194359] ? mark_held_locks+0x9e/0xe0 [ 1630.194920] fat_write_begin+0x89/0x180 [ 1630.195473] ? __pfx_fat_get_block+0x10/0x10 [ 1630.196088] generic_perform_write+0x25a/0x580 [ 1630.196726] ? __pfx_generic_perform_write+0x10/0x10 [ 1630.197414] ? __pfx_fat_update_time+0x10/0x10 [ 1630.198053] ? __pfx_file_update_time+0x10/0x10 [ 1630.198673] ? generic_write_checks+0x2c0/0x400 [ 1630.199340] __generic_file_write_iter+0x2de/0x480 [ 1630.199998] ? __x64_sys_sendfile64+0x248/0x2a0 [ 1630.200641] generic_file_write_iter+0xe7/0x350 [ 1630.201295] do_iter_readv_writev+0x211/0x3c0 [ 1630.201907] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1630.202562] ? avc_policy_seqno+0xd/0x70 [ 1630.203129] ? security_file_permission+0xb5/0xe0 [ 1630.203817] do_iter_write+0x18b/0x700 [ 1630.204332] ? lock_is_held_type+0xdb/0x130 [ 1630.204941] vfs_iter_write+0x74/0xb0 [ 1630.205455] iter_file_splice_write+0x73e/0xcb0 [ 1630.206136] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1630.206837] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1630.207558] ? inode_security+0x105/0x140 [ 1630.208141] ? security_file_permission+0xb5/0xe0 [ 1630.208807] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1630.209504] direct_splice_actor+0x113/0x180 [ 1630.210127] splice_direct_to_actor+0x33a/0x8c0 [ 1630.210781] ? __pfx_direct_splice_actor+0x10/0x10 [ 1630.211442] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1630.212140] ? security_file_permission+0xb5/0xe0 [ 1630.212822] do_splice_direct+0x1bc/0x290 [ 1630.213398] ? __pfx_do_splice_direct+0x10/0x10 [ 1630.214064] ? lock_is_held_type+0xdb/0x130 [ 1630.214663] do_sendfile+0xb1d/0x1280 [ 1630.215211] ? __pfx_do_sendfile+0x10/0x10 [ 1630.215793] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1630.216452] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1630.217198] __x64_sys_sendfile64+0x248/0x2a0 [ 1630.217832] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1630.218491] ? syscall_enter_from_user_mode+0x21/0x50 [ 1630.219180] ? syscall_enter_from_user_mode+0x21/0x50 [ 1630.219855] do_syscall_64+0x3f/0x90 [ 1630.220365] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1630.221047] RIP: 0033:0x7f19d5d86b19 [ 1630.221540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1630.223729] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1630.224679] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1630.225592] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1630.226484] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1630.227375] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1630.228278] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1630.229236] [ 1630.237899] syz-executor.4: attempt to access beyond end of device [ 1630.237899] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1630.240097] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1630.308142] syz-executor.5: attempt to access beyond end of device [ 1630.308142] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1630.313119] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1630.391770] loop2: detected capacity change from 0 to 264192 [ 1630.446202] loop1: detected capacity change from 0 to 40 [ 1630.523616] syz-executor.1: attempt to access beyond end of device [ 1630.523616] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1630.525194] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:10:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 38) 10:10:48 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:48 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:10:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef) 10:10:48 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 40) 10:10:48 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:10:48 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1644.515628] loop2: detected capacity change from 0 to 40 [ 1644.517218] loop1: detected capacity change from 0 to 40 [ 1644.586233] syz-executor.1: attempt to access beyond end of device [ 1644.586233] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1644.587252] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1644.593823] loop4: detected capacity change from 0 to 40 [ 1644.624080] loop5: detected capacity change from 0 to 40 10:10:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 39) 10:10:48 executing program 2: syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000246f7366d8a02b10080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[@ANYRES32], 0x220) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018002300", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) openat(r2, &(0x7f0000000180)='./file0\x00', 0x20000, 0x40) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x30882, 0x0) [ 1644.744087] loop1: detected capacity change from 0 to 40 [ 1644.781106] syz-executor.5: attempt to access beyond end of device [ 1644.781106] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1644.782879] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1644.886254] loop2: detected capacity change from 0 to 40 [ 1644.914409] FAT-fs (loop2): bogus logical sector size 2064 [ 1644.915409] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1644.923697] syz-executor.1: attempt to access beyond end of device [ 1644.923697] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1644.925666] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:10:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 41) [ 1645.218573] loop5: detected capacity change from 0 to 40 [ 1645.221451] syz-executor.4: attempt to access beyond end of device [ 1645.221451] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1645.223294] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1645.306171] syz-executor.5: attempt to access beyond end of device [ 1645.306171] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1645.307543] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1645.711502] loop2: detected capacity change from 0 to 40 [ 1645.719554] FAT-fs (loop2): Unrecognized mount option "./file0" or missing value 10:11:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 40) 10:11:05 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:11:05 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:05 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 42) 10:11:05 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x2020041, &(0x7f0000000200)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) io_uring_enter(r2, 0x2bd, 0x0, 0x0, 0x0, 0x0) ioctl$FIONCLEX(r2, 0x5450) ioctl$int_out(r2, 0x5466, &(0x7f0000000240)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mknodat$null(r3, &(0x7f00000002c0)='./file1\x00', 0x100, 0x103) syz_io_uring_setup(0x279f, &(0x7f0000000180)={0x0, 0x78ec, 0x0, 0x2, 0x1b7, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000000), &(0x7f00000000c0)) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000280)) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000900), r4) sendmsg$NLBL_CALIPSO_C_LIST(r5, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)={0x14, r6, 0x421}, 0x14}}, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:05 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1661.253610] loop1: detected capacity change from 0 to 40 [ 1661.255100] loop5: detected capacity change from 0 to 40 [ 1661.324185] loop4: detected capacity change from 0 to 40 [ 1661.356107] syz-executor.5: attempt to access beyond end of device [ 1661.356107] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.357944] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1661.363374] syz-executor.1: attempt to access beyond end of device [ 1661.363374] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.365181] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 43) [ 1661.500418] loop5: detected capacity change from 0 to 40 [ 1661.535559] syz-executor.5: attempt to access beyond end of device [ 1661.535559] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.536615] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:11:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 44) 10:11:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 41) [ 1661.637971] loop5: detected capacity change from 0 to 40 [ 1661.702092] syz-executor.5: attempt to access beyond end of device [ 1661.702092] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.703108] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1661.706519] loop1: detected capacity change from 0 to 40 10:11:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 45) [ 1661.785164] syz-executor.1: attempt to access beyond end of device [ 1661.785164] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.786125] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 42) [ 1661.880308] loop5: detected capacity change from 0 to 40 [ 1661.884459] loop1: detected capacity change from 0 to 40 [ 1661.928459] syz-executor.1: attempt to access beyond end of device [ 1661.928459] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.929653] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 43) [ 1661.972779] syz-executor.4: attempt to access beyond end of device [ 1661.972779] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1661.975293] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1662.019319] loop1: detected capacity change from 0 to 40 [ 1662.065943] syz-executor.5: attempt to access beyond end of device [ 1662.065943] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1662.067652] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1662.085240] syz-executor.1: attempt to access beyond end of device [ 1662.085240] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1662.086146] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:06 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1662.261193] loop4: detected capacity change from 0 to 40 [ 1662.343382] syz-executor.4: attempt to access beyond end of device [ 1662.343382] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1662.344697] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:11:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 44) 10:11:20 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:20 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:20 executing program 2: r0 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000180), 0x2, 0x0) fremovexattr(r0, &(0x7f00000001c0)=@random={'user.', 'vfat\x00'}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x4008045) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) sendfile(r4, r4, 0x0, 0x5c6a94b7) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') openat2(r6, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) signalfd(r1, &(0x7f0000000280)={[0x1]}, 0x8) openat(r6, &(0x7f00000000c0)='./file1/file0\x00', 0x2000c0, 0x0) openat(r6, &(0x7f0000000000)='./file0\x00', 0x0, 0x1d) 10:11:20 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:11:20 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:20 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:20 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 46) [ 1676.803673] loop4: detected capacity change from 0 to 40 [ 1676.808492] loop1: detected capacity change from 0 to 40 [ 1676.815543] loop2: detected capacity change from 0 to 40 [ 1676.827700] loop5: detected capacity change from 0 to 40 [ 1676.968624] syz-executor.1: attempt to access beyond end of device [ 1676.968624] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1676.970438] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1676.994107] syz-executor.5: attempt to access beyond end of device [ 1676.994107] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1676.995891] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:11:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 47) 10:11:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 45) [ 1677.285244] syz-executor.4: attempt to access beyond end of device [ 1677.285244] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1677.287138] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1677.319737] loop5: detected capacity change from 0 to 40 [ 1677.349755] loop1: detected capacity change from 0 to 40 [ 1677.378213] FAT-fs (loop2): bogus number of reserved sectors [ 1677.379155] FAT-fs (loop2): Can't find a valid FAT filesystem 10:11:21 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1677.471206] FAULT_INJECTION: forcing a failure. [ 1677.471206] name failslab, interval 1, probability 0, space 0, times 0 [ 1677.472766] CPU: 0 PID: 8701 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1677.473778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1677.474776] Call Trace: [ 1677.475115] [ 1677.475422] dump_stack_lvl+0x8f/0xb7 [ 1677.475941] should_fail_ex.cold+0x5/0xa [ 1677.476470] should_failslab+0x9/0x20 [ 1677.476978] __kmem_cache_alloc_node+0x5b/0x400 [ 1677.477579] ? iter_file_splice_write+0x169/0xcb0 [ 1677.478222] ? iter_file_splice_write+0x169/0xcb0 [ 1677.478872] __kmalloc+0x46/0xc0 [ 1677.479334] iter_file_splice_write+0x169/0xcb0 [ 1677.479963] ? generic_file_splice_read+0x1bc/0x4d0 [ 1677.480628] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1677.481312] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1677.482013] ? inode_security+0x105/0x140 [ 1677.482574] ? security_file_permission+0xb5/0xe0 [ 1677.483228] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1677.483908] direct_splice_actor+0x113/0x180 [ 1677.484496] splice_direct_to_actor+0x33a/0x8c0 [ 1677.485122] ? __pfx_direct_splice_actor+0x10/0x10 [ 1677.485804] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1677.486483] ? security_file_permission+0xb5/0xe0 [ 1677.487142] do_splice_direct+0x1bc/0x290 [ 1677.487711] ? __pfx_do_splice_direct+0x10/0x10 [ 1677.488348] ? lock_is_held_type+0xdb/0x130 [ 1677.488913] do_sendfile+0xb1d/0x1280 [ 1677.489447] ? __pfx_do_sendfile+0x10/0x10 [ 1677.490025] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1677.490678] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1677.491401] __x64_sys_sendfile64+0x248/0x2a0 [ 1677.492027] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1677.492688] ? syscall_enter_from_user_mode+0x21/0x50 [ 1677.493359] ? syscall_enter_from_user_mode+0x21/0x50 [ 1677.494069] do_syscall_64+0x3f/0x90 [ 1677.494579] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1677.495255] RIP: 0033:0x7f19d5d86b19 [ 1677.495742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1677.497964] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1677.498921] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1677.499795] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1677.500701] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1677.501605] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1677.502497] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1677.503413] 10:11:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 48) [ 1677.611240] syz-executor.1: attempt to access beyond end of device [ 1677.611240] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1677.613084] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:21 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x0, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1677.625359] FAT-fs (loop2): Unrecognized mount option "./file0" or missing value 10:11:21 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:21 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1677.791341] loop5: detected capacity change from 0 to 40 [ 1677.792737] loop4: detected capacity change from 0 to 40 10:11:21 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = dup2(r0, r0) openat(r1, &(0x7f0000000000)='./file1\x00', 0x8002, 0x128) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x101042, 0xd0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x208003, 0x8) sendfile(r2, r5, 0x0, 0xfffffdef) acct(&(0x7f0000000180)='./file2\x00') 10:11:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 46) 10:11:21 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1677.922750] syz-executor.5: attempt to access beyond end of device [ 1677.922750] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1677.924243] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1677.970709] FAT-fs (loop6): bogus number of reserved sectors [ 1677.971443] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1677.978335] loop2: detected capacity change from 0 to 40 [ 1678.026202] loop1: detected capacity change from 0 to 40 10:11:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 49) [ 1678.164028] syz-executor.1: attempt to access beyond end of device [ 1678.164028] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1678.165532] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1678.209364] loop5: detected capacity change from 0 to 40 10:11:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000000c0), 0x100040, &(0x7f0000000000)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1678.296238] syz-executor.5: attempt to access beyond end of device [ 1678.296238] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1678.297726] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:11:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 47) 10:11:22 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1678.412304] syz-executor.4: attempt to access beyond end of device [ 1678.412304] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1678.413774] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:11:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 50) 10:11:22 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1678.480528] loop1: detected capacity change from 0 to 40 [ 1678.502777] syz-executor.1: attempt to access beyond end of device [ 1678.502777] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1678.503861] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:22 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x0, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:11:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 48) [ 1678.585153] loop1: detected capacity change from 0 to 40 [ 1678.628805] loop5: detected capacity change from 0 to 40 [ 1678.632316] loop4: detected capacity change from 0 to 40 [ 1678.755741] syz-executor.1: attempt to access beyond end of device [ 1678.755741] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1678.756934] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:41 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 51) 10:11:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 49) 10:11:41 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x0, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:11:41 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) openat(r0, &(0x7f0000000000)='./file1\x00', 0x401000, 0x0) 10:11:41 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:41 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1697.318450] loop1: detected capacity change from 0 to 40 10:11:41 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1697.325572] loop5: detected capacity change from 0 to 40 [ 1697.327979] FAT-fs (loop6): bogus number of reserved sectors [ 1697.328369] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1697.345748] loop2: detected capacity change from 0 to 40 [ 1697.399971] loop4: detected capacity change from 0 to 40 [ 1697.406772] bio_check_eod: 2 callbacks suppressed [ 1697.406783] syz-executor.1: attempt to access beyond end of device [ 1697.406783] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1697.407951] buffer_io_error: 2 callbacks suppressed [ 1697.407960] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1697.438692] syz-executor.2: attempt to access beyond end of device [ 1697.438692] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1697.440889] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1697.483500] syz-executor.5: attempt to access beyond end of device [ 1697.483500] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1697.488039] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:11:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 52) 10:11:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 50) 10:11:41 executing program 2: recvmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000580)=[@rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x50}, 0x10000) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0xfffffffffffffe23, r0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0xfffffef8}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0xfffffffd}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0x1, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x7, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)='\x00'/10, 0x17, 0x9}, {0x0, 0x56, 0x2800}], 0x2410, &(0x7f0000000740)=ANY=[]) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) openat(0xffffffffffffffff, &(0x7f0000000740)='./file1\x00', 0x24102, 0x0) openat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0/file0\x00', 0x58002, 0x48) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) r3 = syz_io_uring_setup(0x2e3d, 0x0, &(0x7f0000ff7000/0x8000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r5 = openat2(r4, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff], 0x4) setsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000700)=0x60, 0x2) ioctl$AUTOFS_DEV_IOCTL_FAIL(r5, 0xc0189377, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xb1, 0x2002}}, './file1\x00'}) accept$unix(r6, &(0x7f0000000600), &(0x7f0000000680)=0x6e) [ 1697.811080] loop1: detected capacity change from 0 to 40 [ 1697.822930] loop5: detected capacity change from 0 to 40 [ 1697.917805] syz-executor.5: attempt to access beyond end of device [ 1697.917805] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1697.919584] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1697.979690] syz-executor.1: attempt to access beyond end of device [ 1697.979690] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1697.981390] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 53) [ 1698.042261] loop2: detected capacity change from 0 to 40 [ 1698.213022] loop5: detected capacity change from 0 to 40 [ 1698.326433] FAULT_INJECTION: forcing a failure. [ 1698.326433] name failslab, interval 1, probability 0, space 0, times 0 [ 1698.327934] CPU: 1 PID: 8788 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1698.328879] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1698.329826] Call Trace: [ 1698.330146] [ 1698.330436] dump_stack_lvl+0x8f/0xb7 [ 1698.330927] should_fail_ex.cold+0x5/0xa [ 1698.331433] should_failslab+0x9/0x20 [ 1698.331908] __kmem_cache_alloc_node+0x5b/0x400 [ 1698.332471] ? iter_file_splice_write+0x169/0xcb0 [ 1698.333085] ? iter_file_splice_write+0x169/0xcb0 [ 1698.333677] __kmalloc+0x46/0xc0 [ 1698.334129] iter_file_splice_write+0x169/0xcb0 [ 1698.334727] ? generic_file_splice_read+0x1bc/0x4d0 [ 1698.335354] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1698.335993] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1698.336669] ? inode_security+0x105/0x140 [ 1698.337235] ? security_file_permission+0xb5/0xe0 [ 1698.338038] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1698.338877] direct_splice_actor+0x113/0x180 [ 1698.339608] splice_direct_to_actor+0x33a/0x8c0 [ 1698.340382] ? __pfx_direct_splice_actor+0x10/0x10 [ 1698.341194] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1698.342049] ? security_file_permission+0xb5/0xe0 [ 1698.342852] do_splice_direct+0x1bc/0x290 [ 1698.343541] ? __pfx_do_splice_direct+0x10/0x10 [ 1698.344332] ? lock_is_held_type+0xdb/0x130 [ 1698.345023] do_sendfile+0xb1d/0x1280 [ 1698.345621] ? __pfx_do_sendfile+0x10/0x10 [ 1698.346286] __x64_sys_sendfile64+0x248/0x2a0 [ 1698.346960] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1698.347694] ? syscall_enter_from_user_mode+0x21/0x50 [ 1698.348548] ? syscall_enter_from_user_mode+0x21/0x50 [ 1698.349413] do_syscall_64+0x3f/0x90 [ 1698.349999] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1698.350821] RIP: 0033:0x7f19d5d86b19 [ 1698.351408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1698.354129] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1698.355297] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1698.356398] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1698.357480] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1698.358582] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1698.359666] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1698.360797] [ 1698.801101] loop2: detected capacity change from 0 to 40 10:11:58 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:58 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:11:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 54) 10:11:58 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x0, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:11:58 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:58 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:11:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 51) 10:11:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17, 0x1000000}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1714.520752] FAT-fs (loop6): bogus number of reserved sectors [ 1714.521207] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1714.530945] loop5: detected capacity change from 0 to 40 [ 1714.544056] loop2: detected capacity change from 0 to 65536 [ 1714.569587] FAT-fs (loop2): bogus number of reserved sectors [ 1714.570443] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1714.606552] loop1: detected capacity change from 0 to 40 [ 1714.627817] loop4: detected capacity change from 0 to 40 [ 1714.628486] syz-executor.5: attempt to access beyond end of device [ 1714.628486] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1714.630229] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1714.830118] syz-executor.1: attempt to access beyond end of device [ 1714.830118] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1714.832093] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:11:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 55) [ 1715.033041] loop5: detected capacity change from 0 to 40 [ 1715.160688] syz-executor.4: attempt to access beyond end of device [ 1715.160688] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1715.163580] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1715.255698] syz-executor.5: attempt to access beyond end of device [ 1715.255698] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1715.257408] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1715.391228] loop2: detected capacity change from 0 to 65536 [ 1715.410635] FAT-fs (loop2): Unrecognized mount option "./file0" or missing value 10:12:12 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:12 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 52) 10:12:12 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x0, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:12:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r1, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e23, @rand_addr=0x64010100}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000240)="4fedbfee24a9a57e85af212409077d2460f8d771a81d40dc8637b219d6abfa2ecc495d80bb09b43093a01a094e08cbc8a48fd2a6ceb262c7cbd917fa6a6e69d6b023736bcac48604935c8efa80dc9562e191223f53ea80717b09703e12747905f032b83b91b1268f791c8dd188dc14b8", 0x70}, {&(0x7f0000000000)="00a238ac8f00e5ec0b0bde1309c85b82a768215f", 0x14}, {&(0x7f00000002c0)="c5d07fc5cfbf5032da68220de3fcb987679b446dbd32fefd8e508f6ffeb9c1a7a0e03abfbc213b79f751f7be939fa6601a6660b48424a0f064502b0792883f6f9ea0a8e92210e009e579b0205daa47f5037e5e6f77dfd04d779aa1a6a8bbf4f9ca43c718bc169b6378570534ab5723cfbd8d7081140a9c9c02e19e38c1f65e7516e3c6e161d3d2a9cbe57a6d453ef5b56668ccf1551953cd4a1cf8", 0x9b}, {&(0x7f0000000380)="63fa2d630fd8e43ee3a3d96c51144a40578e8348be4abdf5191bb01b69928372193136dcd0539b2a1327e520f3ea4db0046751fa38f8c5e694d3adff948312a1ba5e6fc6410f8283c9049c780ddb11a46e8d483c703ef37ce5eb6f812c00a058a97449ab6d990525d3e249c27286857bcf552b2f131c9d541580957385b1751a2a9e75dcb87f4c2ace68670fd4261bf4021e2a30cf7a2228bf43", 0x9a}, {&(0x7f00000000c0)="c5c55922", 0x4}, {&(0x7f0000000440)="50b44e9ff1b4151cfdf03f7cc0ba", 0xe}], 0x6}, 0x0, 0xc000, 0x1}, 0x7fff) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:12 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:12 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1728.465578] loop5: detected capacity change from 0 to 40 10:12:12 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 56) [ 1728.486321] loop1: detected capacity change from 0 to 40 [ 1728.496332] loop4: detected capacity change from 0 to 40 [ 1728.522389] FAT-fs (loop6): bogus number of reserved sectors [ 1728.522518] syz-executor.5: attempt to access beyond end of device [ 1728.522518] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1728.523173] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1728.524014] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1728.529621] loop2: detected capacity change from 0 to 40 [ 1728.555071] syz-executor.1: attempt to access beyond end of device [ 1728.555071] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1728.555932] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:12:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 57) 10:12:12 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 53) [ 1728.655179] syz-executor.2: attempt to access beyond end of device [ 1728.655179] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1728.656108] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1728.692367] loop5: detected capacity change from 0 to 40 [ 1728.724354] loop1: detected capacity change from 0 to 40 10:12:12 executing program 2: semctl$GETPID(0x0, 0x4, 0xb, &(0x7f0000000380)=""/140) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r1 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r3 = openat2(r2, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff], 0x4) r4 = openat(r3, &(0x7f0000000100)='./file1\x00', 0x1010c2, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r5, r4, 0x0, 0xfffffdef) [ 1728.791337] FAULT_INJECTION: forcing a failure. [ 1728.791337] name failslab, interval 1, probability 0, space 0, times 0 [ 1728.792390] CPU: 0 PID: 8858 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1728.792972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1728.793521] Call Trace: [ 1728.793716] [ 1728.793877] dump_stack_lvl+0x8f/0xb7 [ 1728.794178] should_fail_ex.cold+0x5/0xa [ 1728.794477] should_failslab+0x9/0x20 [ 1728.794748] __kmem_cache_alloc_node+0x5b/0x400 [ 1728.795076] ? iter_file_splice_write+0x169/0xcb0 [ 1728.795440] ? iter_file_splice_write+0x169/0xcb0 [ 1728.795801] __kmalloc+0x46/0xc0 [ 1728.796054] iter_file_splice_write+0x169/0xcb0 [ 1728.796414] ? generic_file_splice_read+0x1bc/0x4d0 [ 1728.796791] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1728.797173] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1728.797572] ? inode_security+0x105/0x140 [ 1728.797886] ? security_file_permission+0xb5/0xe0 [ 1728.798261] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1728.798634] direct_splice_actor+0x113/0x180 [ 1728.798978] splice_direct_to_actor+0x33a/0x8c0 [ 1728.799333] ? __pfx_direct_splice_actor+0x10/0x10 [ 1728.799698] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1728.800076] ? security_file_permission+0xb5/0xe0 [ 1728.800443] do_splice_direct+0x1bc/0x290 [ 1728.800758] ? __pfx_do_splice_direct+0x10/0x10 [ 1728.801122] ? lock_is_held_type+0xdb/0x130 [ 1728.801457] do_sendfile+0xb1d/0x1280 [ 1728.801766] ? __pfx_do_sendfile+0x10/0x10 [ 1728.802108] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1728.802497] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1728.802902] __x64_sys_sendfile64+0x248/0x2a0 [ 1728.803245] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1728.803623] ? syscall_enter_from_user_mode+0x21/0x50 [ 1728.804005] ? syscall_enter_from_user_mode+0x21/0x50 [ 1728.804391] do_syscall_64+0x3f/0x90 [ 1728.804676] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1728.805067] RIP: 0033:0x7f7c47a26b19 [ 1728.805340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1728.806639] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1728.807179] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1728.807702] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1728.808216] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1728.808715] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1728.809223] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1728.809752] [ 1728.822551] syz-executor.5: attempt to access beyond end of device [ 1728.822551] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1728.823534] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1728.912345] loop2: detected capacity change from 0 to 40 10:12:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 58) 10:12:12 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:12 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:13 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x0, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1729.079776] syz-executor.4: attempt to access beyond end of device [ 1729.079776] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1729.082316] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:12:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 54) [ 1729.106782] loop5: detected capacity change from 0 to 40 10:12:13 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1729.291644] loop1: detected capacity change from 0 to 40 [ 1729.293418] loop4: detected capacity change from 0 to 40 10:12:13 executing program 2: r0 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000180)="0400102000f80100000000000000000000000000000000348d79393ad1583db13b94704292b52b873bc2dc7283c797f7731e8fee050487db235f28d6dcd685dd68e648b238c6654575dc99b8b7dc7283851a22ddc9de8161998a0eb6a76a0cfc880a2cd47621fbcd5577e8a382c84e996e5b", 0x72, 0x1b}, {0x0, 0x0, 0x2800}], 0x27402, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) openat(r0, &(0x7f0000000000)='./file1\x00', 0x4c0100, 0x14a) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) [ 1729.353534] syz-executor.5: attempt to access beyond end of device [ 1729.353534] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1729.355288] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1729.358094] syz-executor.1: attempt to access beyond end of device [ 1729.358094] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1729.359229] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:12:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 55) 10:12:13 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 59) [ 1729.509617] loop1: detected capacity change from 0 to 40 [ 1729.520457] loop2: detected capacity change from 0 to 40 [ 1729.545732] syz-executor.4: attempt to access beyond end of device [ 1729.545732] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1729.547292] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:12:13 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1729.644117] loop4: detected capacity change from 0 to 40 [ 1729.647121] FAT-fs (loop6): bogus number of reserved sectors [ 1729.648076] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1729.691668] syz-executor.1: attempt to access beyond end of device [ 1729.691668] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1729.693270] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1729.744633] loop5: detected capacity change from 0 to 40 [ 1729.764395] syz-executor.4: attempt to access beyond end of device [ 1729.764395] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1729.766380] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:12:13 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1729.857437] loop4: detected capacity change from 0 to 40 10:12:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 56) [ 1730.106326] loop1: detected capacity change from 0 to 40 [ 1730.344799] loop2: detected capacity change from 0 to 40 [ 1743.471010] loop5: detected capacity change from 0 to 40 10:12:27 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:12:27 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000240)={0x7, 0xdd, 0x5, 0x8000, 0x4, [{0x1ff, 0x4, 0x400, '\x00', 0x800}, {0x8, 0x4, 0x5, '\x00', 0x1804}, {0x4, 0xffff, 0x53, '\x00', 0x1007}, {0x20, 0x5, 0x8, '\x00', 0x1200}]}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x4, &(0x7f0000000000)=[{0x7f, 0xa5, 0xbc, 0x7}, {0x0, 0x1f, 0x20, 0x2}, {0x8, 0x81, 0xc, 0xffffffff}, {0x3, 0xff, 0x7f, 0x6}]}) sendfile(r4, 0xffffffffffffffff, &(0x7f0000000180)=0x23, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:27 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:27 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 60) 10:12:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 57) 10:12:27 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1743.489763] loop2: detected capacity change from 0 to 40 [ 1743.492303] loop4: detected capacity change from 0 to 40 [ 1743.500560] FAT-fs (loop6): bogus number of reserved sectors [ 1743.501022] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1743.533371] loop1: detected capacity change from 0 to 40 [ 1743.649785] bio_check_eod: 3 callbacks suppressed [ 1743.649798] syz-executor.1: attempt to access beyond end of device [ 1743.649798] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1743.651209] buffer_io_error: 3 callbacks suppressed [ 1743.651218] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1743.722275] syz-executor.5: attempt to access beyond end of device [ 1743.722275] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1743.724606] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1744.191679] syz-executor.4: attempt to access beyond end of device [ 1744.191679] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1744.193604] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:12:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 58) 10:12:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 61) 10:12:41 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1757.983437] loop5: detected capacity change from 0 to 40 [ 1758.027240] loop1: detected capacity change from 0 to 40 10:12:41 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:41 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:41 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:41 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:12:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/schedstat\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c0002800c00000008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000000c0)='\x00', 0x0, r3) [ 1758.050228] loop2: detected capacity change from 0 to 40 [ 1758.072323] syz-executor.5: attempt to access beyond end of device [ 1758.072323] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.073331] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1758.084223] loop4: detected capacity change from 0 to 40 [ 1758.085417] loop6: detected capacity change from 0 to 40 [ 1758.114060] FAT-fs (loop6): bogus number of reserved sectors [ 1758.115117] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1758.117963] syz-executor.1: attempt to access beyond end of device [ 1758.117963] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.118924] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:12:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 62) [ 1758.248127] syz-executor.2: attempt to access beyond end of device [ 1758.248127] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.249801] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1758.256360] loop5: detected capacity change from 0 to 40 10:12:42 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 59) [ 1758.297222] syz-executor.2: attempt to access beyond end of device [ 1758.297222] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.298323] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 1758.337476] syz-executor.5: attempt to access beyond end of device [ 1758.337476] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.338759] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:12:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 63) [ 1758.458907] loop1: detected capacity change from 0 to 40 [ 1758.490061] loop5: detected capacity change from 0 to 40 10:12:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000001640)={0xffffffffffffffff, r0}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup2(r2, r2) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0xfffffff9}, 0x1c) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000001380)={'sit0\x00', &(0x7f0000001300)={'sit0\x00', r6, 0x2f, 0x4, 0x0, 0x5, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, 0x80, 0x20, 0x5087, 0xffffffff}}) ioctl$sock_inet6_SIOCDELRT(r4, 0x890b, &(0x7f0000000380)={@private1, @private2, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800086, r6}) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@local, 0x7a, r6}) syz_emit_ethernet(0x4e, &(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYRESHEX=r6], 0x0) [ 1758.576004] FAULT_INJECTION: forcing a failure. [ 1758.576004] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.577237] CPU: 1 PID: 8965 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1758.578057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.578893] Call Trace: [ 1758.579164] [ 1758.579405] dump_stack_lvl+0x8f/0xb7 [ 1758.579824] should_fail_ex.cold+0x5/0xa [ 1758.580258] should_failslab+0x9/0x20 [ 1758.580660] __kmem_cache_alloc_node+0x5b/0x400 [ 1758.581131] ? iter_file_splice_write+0x169/0xcb0 [ 1758.581647] ? iter_file_splice_write+0x169/0xcb0 [ 1758.582159] __kmalloc+0x46/0xc0 [ 1758.582521] iter_file_splice_write+0x169/0xcb0 [ 1758.583054] ? generic_file_splice_read+0x1bc/0x4d0 [ 1758.583579] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1758.584124] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1758.584680] ? inode_security+0x105/0x140 [ 1758.585126] ? security_file_permission+0xb5/0xe0 [ 1758.585645] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1758.586194] direct_splice_actor+0x113/0x180 [ 1758.586680] splice_direct_to_actor+0x33a/0x8c0 [ 1758.587179] ? __pfx_direct_splice_actor+0x10/0x10 [ 1758.587709] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1758.588250] ? security_file_permission+0xb5/0xe0 [ 1758.588765] do_splice_direct+0x1bc/0x290 [ 1758.589232] ? __pfx_do_splice_direct+0x10/0x10 [ 1758.589766] ? lock_is_held_type+0xdb/0x130 [ 1758.590291] do_sendfile+0xb1d/0x1280 [ 1758.590777] ? __pfx_do_sendfile+0x10/0x10 [ 1758.591319] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1758.591862] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1758.592439] __x64_sys_sendfile64+0x248/0x2a0 [ 1758.592928] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1758.593453] ? syscall_enter_from_user_mode+0x21/0x50 [ 1758.593984] ? syscall_enter_from_user_mode+0x21/0x50 [ 1758.594529] do_syscall_64+0x3f/0x90 [ 1758.594951] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1758.595486] RIP: 0033:0x7f7c47a26b19 [ 1758.595872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.597612] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1758.598386] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1758.599121] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1758.599845] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.600580] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1758.601280] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1758.602018] [ 1758.683690] syz-executor.5: attempt to access beyond end of device [ 1758.683690] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.686201] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1758.765337] loop2: detected capacity change from 0 to 40 10:12:42 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1758.801433] syz-executor.4: attempt to access beyond end of device [ 1758.801433] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1758.803602] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:12:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 64) 10:12:42 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:12:42 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1758.968128] loop5: detected capacity change from 0 to 40 10:12:43 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 60) 10:12:43 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:43 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1759.087395] syz-executor.5: attempt to access beyond end of device [ 1759.087395] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1759.089094] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1759.195202] loop1: detected capacity change from 0 to 40 [ 1759.218586] loop6: detected capacity change from 0 to 40 10:12:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 65) [ 1759.229351] FAT-fs (loop6): bogus number of reserved sectors [ 1759.230207] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1759.240397] loop4: detected capacity change from 0 to 40 [ 1759.331248] syz-executor.1: attempt to access beyond end of device [ 1759.331248] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1759.332754] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1759.410621] loop5: detected capacity change from 0 to 40 10:12:43 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 61) [ 1759.570761] syz-executor.5: attempt to access beyond end of device [ 1759.570761] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1759.572626] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:12:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 66) [ 1759.710974] loop1: detected capacity change from 0 to 40 10:12:43 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1759.927614] loop4: detected capacity change from 0 to 40 [ 1759.944221] loop5: detected capacity change from 0 to 40 [ 1760.063319] FAULT_INJECTION: forcing a failure. [ 1760.063319] name failslab, interval 1, probability 0, space 0, times 0 [ 1760.064696] CPU: 0 PID: 8999 Comm: syz-executor.5 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1760.065640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1760.066586] Call Trace: [ 1760.066907] [ 1760.067190] dump_stack_lvl+0x8f/0xb7 [ 1760.067683] should_fail_ex.cold+0x5/0xa [ 1760.068199] should_failslab+0x9/0x20 [ 1760.068677] __kmem_cache_alloc_node+0x5b/0x400 [ 1760.069238] ? iter_file_splice_write+0x169/0xcb0 [ 1760.069848] ? iter_file_splice_write+0x169/0xcb0 [ 1760.070446] __kmalloc+0x46/0xc0 [ 1760.070886] iter_file_splice_write+0x169/0xcb0 [ 1760.071487] ? generic_file_splice_read+0x1bc/0x4d0 [ 1760.072121] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1760.072761] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1760.073420] ? inode_security+0x105/0x140 [ 1760.074026] ? security_file_permission+0xb5/0xe0 [ 1760.074783] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1760.075552] direct_splice_actor+0x113/0x180 [ 1760.076212] splice_direct_to_actor+0x33a/0x8c0 [ 1760.076929] ? __pfx_direct_splice_actor+0x10/0x10 [ 1760.077698] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1760.078443] ? security_file_permission+0xb5/0xe0 [ 1760.079198] do_splice_direct+0x1bc/0x290 [ 1760.079818] ? __pfx_do_splice_direct+0x10/0x10 [ 1760.080560] ? lock_is_held_type+0xdb/0x130 [ 1760.081215] do_sendfile+0xb1d/0x1280 [ 1760.081818] ? __pfx_do_sendfile+0x10/0x10 [ 1760.082434] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1760.083196] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1760.083972] __x64_sys_sendfile64+0x248/0x2a0 [ 1760.084567] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1760.085223] ? syscall_enter_from_user_mode+0x21/0x50 [ 1760.085879] ? syscall_enter_from_user_mode+0x21/0x50 [ 1760.086550] do_syscall_64+0x3f/0x90 [ 1760.087072] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1760.087770] RIP: 0033:0x7f19d5d86b19 [ 1760.088222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1760.090268] RSP: 002b:00007f19d32fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1760.091160] RAX: ffffffffffffffda RBX: 00007f19d5e99f60 RCX: 00007f19d5d86b19 [ 1760.092202] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1760.093203] RBP: 00007f19d32fc1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1760.094231] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1760.095272] R13: 00007ffdb58efcff R14: 00007f19d32fc300 R15: 0000000000022000 [ 1760.096336] 10:12:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) lseek(r2, 0x2, 0x1) sendfile(r1, r0, 0x0, 0xfffffdef) 10:12:44 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x0, &(0x7f0000000600)) syz_io_uring_submit(0x0, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1760.247584] loop2: detected capacity change from 0 to 40 10:13:02 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 62) 10:13:02 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:13:02 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x0, &(0x7f0000000600)) syz_io_uring_submit(0x0, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:13:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file2\x00', 0x4300, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 67) 10:13:02 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:02 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1778.236383] loop2: detected capacity change from 0 to 40 [ 1778.245635] loop4: detected capacity change from 0 to 40 [ 1778.287494] loop6: detected capacity change from 0 to 40 [ 1778.296212] loop5: detected capacity change from 0 to 40 [ 1778.311079] FAT-fs (loop6): bogus number of reserved sectors [ 1778.311903] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1778.312314] loop1: detected capacity change from 0 to 40 10:13:02 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000180)=ANY=[@ANYRESDEC]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(r0, &(0x7f0000000000)='./file0\x00', 0x40, 0x57) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r3 = openat(r2, &(0x7f00000000c0)='./file1\x00', 0x48000, 0x8) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'}) openat(r4, &(0x7f0000000240)='./file0\x00', 0x48001, 0x80) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdee) [ 1778.478751] bio_check_eod: 5 callbacks suppressed [ 1778.478775] syz-executor.5: attempt to access beyond end of device [ 1778.478775] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1778.481231] buffer_io_error: 5 callbacks suppressed [ 1778.481260] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1778.510192] syz-executor.1: attempt to access beyond end of device [ 1778.510192] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1778.512045] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1778.539787] loop2: detected capacity change from 0 to 40 [ 1778.580970] FAT-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value [ 1778.663794] loop2: detected capacity change from 0 to 40 [ 1778.674643] FAT-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value 10:13:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 68) [ 1778.725523] syz-executor.4: attempt to access beyond end of device [ 1778.725523] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1778.727443] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:13:02 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 63) 10:13:02 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:13:02 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000640), 0x402000, 0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000680), 0x1a4c0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = syz_io_uring_setup(0x2660, &(0x7f00000006c0)={0x0, 0xeb42, 0x0, 0x3, 0x21e}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000740), &(0x7f0000000780)) r5 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = fork() r7 = fork() process_vm_readv(r7, &(0x7f0000000000)=[{&(0x7f0000000a00)=""/105, 0x69}, {0x0}, {&(0x7f0000000180)=""/199, 0xc7}], 0x3, &(0x7f0000000d40)=[{&(0x7f0000000280)=""/21, 0x15}, {&(0x7f00000005c0)=""/106, 0x6a}, {&(0x7f0000000340)=""/122, 0x7a}], 0x3, 0x0) kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, 0xffffffffffffffff, &(0x7f00000000c0)={r5, 0xffffffffffffffff, 0x8}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(r8, r8) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000000)=[{&(0x7f00000002c0)="53f52521f3fa634521785502a7b4ee5fdcc1dabc6f402109d05706e9dce5a4742e4e4e53f5211099bf616d75838607a09d660f965aae9d9a872bdffe9c8fb1cb03c3ccb1d7227b0d8a8ffb8bb526113b9868dd10c253bb659470ff4ca202a18e7280e7f8d57a4d9db0b419fd9aec110096b8e125505ae6c64f7d7989fbe205731600aa96f3597b1f84ed423a7355cbd812ded2aa190282e980f1eaf93092d4c161906ae4dd490c57d7681a20c6e64b1f9dfe337b491c6d21d780672e1ca024ef91ceb21c38d583e01e32730ac0b489a0d47a2c0bd3628fca38be40ee13", 0xdd}, {&(0x7f00000003c0)="18ec305eb62eb48e50076ba2312021cc9f4b63daacd62e8abc9dc64898f6c5f3171bdc9db0f4348eefdc81338c513fd40c8fcc345295e217c97e4eb9d0c42a62d249cd400841f9ec6aa33cf5f0b6480303f26d190a41e272c2c65c3016570f5702481cf03da5b623d005dabb5279fa62913e1ff444c9498afe047ea2cd940a81e620f03a240c780ba4e7b7532f25f23cb793331660253de7b102cb512610418ff844ce139aefc1e608146dba8b75af924e48d3d5669afc765eb712d6b33ea2a307c94e8edc86d357ab3feb9bf55959b0faf71bfceb81a9582417453a05f17524228a18a14293d721f0465a4e", 0xec}, {&(0x7f00000004c0)="d3f042821010e700c05a64386970ddf5c445ba3689ddee9ca15e3562e49363a77c7d7c090c30197b6c32d927ac61263e2842c74005456bd938777d55cd90ffdd8f4c04024fc6288ea85cb42998", 0x4d}, {&(0x7f0000000540)="055400a163be4098904ed56ed2be35ca18c0a4858d925b660297e2b5d248ef2583767e507b2211a85c65c3e6001d3e9b3bd47c119f850cab210f736a4803b8574d58b66013eea80f6a0254062656bcf4e642c0dd607a46154862abd09338d39a208b05e7293870befd491f784ed82eb1dff607da28c237894912e8120a4a3d41b3561bf9aaf8e1a886065a43c7fcc47a3a0be4d911e297eb67c8ab8b8e9d97e8cb30e1eff177381f5a0d3e14df2716f20cdc03af69fc2959279e69d05531a8fd63d49bd975698b07", 0xc8}], 0x4, &(0x7f00000007c0)=[@rights={{0x20, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r0]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [r0, r1]}}, @rights={{0x28, 0x1, 0x1, [r2, r0, r3, r4, r0, r0]}}], 0xf0, 0x40}}, {{&(0x7f00000008c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f00000019c0)=[{&(0x7f0000000940)="d69e1bf9785f3e988adb58d15e", 0xd}, {&(0x7f0000000980)="96b485df013c217983d5192ef400c6db30c167e2bfd9d1db56dcfff62edbff1f53de691e2a39de2b5303dccf144150af75688b4cc4f03fb60a70681ab1ce732bb3b3c4a3c8a56e3df4e635e225e85496c9ecedbfea5ebbc7f8ab677ddae854ab141fb6700b752da12c35f9f63c8408c28ef91afa73f3603a56ad66d52e1b58a147d65340633ef3de921e41f3d1fd21ebcfd4ff5caa43686179038863a340c195ace4e371ed014bff89972cc9e7ae4fb96ba38e1a08f6649ab9ec6c2cc3c7af2942bc962fafc31d34fcc85e50a9d38953dca5443c503d651ab6b74037cb23eb90a48d363c9d80e3356933dd1d4866d05aef6f2a77acfd3844589d85f39e774542e5e55030641e551c41208f78ca089463843e3231c9b6bc2c223408e240f8e85df6ad620ebadc5e5b795624b3dd5dc61bcc2058094c0187f298fbfcabe8dbc1fb887c5858e65f494b665b1abab4f1e84db7867726df0679985310363389bbf2b6be857db75aa1a24ee6e70682444fd78d69eb7b21cdcb42a3914ab0847ad10eef6aba49e728626eaa61cd96d705f734fc8fdfb6a7b6e35c919a371857fad5d4ec4f4e445eaf0116571e0bc3d73d724640b0ed23ae6e6716507522829f06fccacc01704ef037aa11d4a583de488e5c18b1e0459c0b943f336872b9ff1d4615256a288ac4f5612c3fd3efc6d8a0b511ffdcec5dc370643e6bcb0c36784dd2a74a58051cb195768dfe0fb62897c8d58d3b3b570773670e589c45175cf04d06411cd9bfc6f03dc8c091407405238ddea813b1201e20075e3ffafebc3eea2942c7da064775378c8fdf81b84d4d3d544bcbe9979aa476d0b825f7d426bf2d798af2507e013d667862017ffc6d6c3f2b334f97237725683d912c7cf82ae6dd355e436e2a6cd30aa65aabf796a66e1ac4c6cb808358f5060dd86718791ac9e747a57922e8af54827f4c25215078cf193e404e6c9ed83c0e2ebd6ac90e0285899dc0911e5a60675e2f239c0843866e18be230ebf58c51b6ac1e397e468820b580c64e7fe60873386ff4a881dc587b4add01a6701f43f28e66f39ca8db8d6772a7be076a7acc0d0cfb172b03ef56338ff5ffc2260b6fc9437ba8bda28b7fc23555b9084b67df7ee37232a2b8c990e75ad9a219094f97e0302417a2edb48f8b43defb0ca39b83e565bbd8842756432995c338f1322c97572ede389c824da55d241dbcb910dce7debd4daef0d4138f4b538f8821f56d5bd336f302f1e2da231754f80231cad8ed1da342219ef87f54e4e99bb92245f3b4ac4dd56a7e19e8f92a31a03a087c70900b04ded6d21b27fd534849c398ec6da6e267b6286c6bd7461af02a3f933052a2356f469d05fb9b0f50908cdec971f8845db882bfb663f9a8d37f3939032fe29130e0293235242463519e35e0398e38e3f3eda3de3a61ab7fd9f0ba7a6ef545042838695704f21abc49a4f67ee26b65799e47e3e188901b317e5d7055cc7ee61264a846e659dafce3ada6be4b8a93696c293facb625e93ff520d93f4af46fabd8343f9646db902ca0fd055f200b0a6261602c6bffcf30d829aaae72fdada6b27e62707637187d8da02ec9b166907cc65d6f052e2338c525995e5033f399ef8159bae7037f0c15fa2a755032d2836cdcdacf1e2926214ee43343978dc826c2ba6b082516d362999ebddcff766ce891f61ae7781051365f5d83f02ad0f8f890dc717d49fdd6306c22be1a0da36f291567d508b9385954d58e496d23e66115bc18b5c4f82e3d7f2fde508a8fcb95f11b5561e1a1cdbfa3ccb5c101d6189d7268093e2c2be276204f7938716de4bf5128d2c8d51b24400395e24314d370ff80d8017bff713a2da21cc872230a3fb131b1fb47c900c67064a0531da93e6d0cbb609beca4993445480241ab300ddae5cb13a39e56ab2322efb72d942394c3668a75c67f6e5b439703ae870ba9a0ae3513a9067bc1de2933d993fd4fd58482c9b1f84c4530d147c0dbf2561cf437f25cfce9777199eefeb66cb0a5757e444b4f861ef0c2307af6bd5d87921dd906c07efa536a1199e66da365a04eebe1eaac3f7dc589c4c83517013559eea8e77fb2f2ee55ecafb8605cefc91a8f4a13120fe52a01f285784aead751d43a733308ed08b70960c5039a529c576818f8923ab9c41261bb6076c078afcadbca19194b99a179e00efba5e2445ed2079594289b9d87efa3cb18281ba83a3bae9532d391b24a71895c6f348230e0919bc5abe16c3332d124533c27f2430ba48903b4bbdf1ea68af4549fda58676eb6f3821babfa7839db0017dbd6b00238150a7367392a03b5c1ffff54b7423cdc371ee0055929f67aa3f9cb7b2408c4730ec677aaf693c00d5d1b647584dd976daa1bf786e62382f6bca8b1bbb12025ca568961928add645649e87050feac7ab5fe25a13ccc4bf46e15bcd1cc82001d7620e3507db5a3413cbc3412e8c9f6684fc66ae33d092b634ce26fbfa796cbef6905b344f49a45f4935206ecc19391711c1646177e0ab0c113db617478fa1a7dc535e615f5e818979266188c92d88721beff286fba43fa34923256518c4593b884bb04b5bf91dbfac69d5778c3d150750d0fc9e80266ba02d7f69a3f115752bfb0106ffc503bad02245e368644ddf5a1e6d86a4a058ac47c910e942270bbbcde87be302bf37980b9d962bdd8ece70af005de075d884aaa19948dd36beed5e17fdee8ff91130f98eb383caf41948bea89291361e420d953907b7df8f8190eb922df7ffbc73784b1194e0a50470856d4431581741d95275e33eedc1057eeac32438e5485315add7a7118172c28939abb43f71a1e3335f2486cf334f87953ba11b734421c77d7750b78503669e1498685725c19ab38b348e5857ab242c92d3c8a4ece93a853e084db2fbb6735730e5f57cdd36584d207d094581567efdd54c7ff985708ddd15739f6fd12e82f0619fc9283819f4a5ec8c1a1c124d89fdcf11ebc27d6d14a3d1b0b43c2b9d1575f42bbb9ff071839588e8ae571249609970d0556a57cc2a27363412465e6711d9fc862f00ba09f43c4549f1708a97d2dc5f1089f453bb4633a212a0cf48b1dda32a07116d2016aaeab727f42dbcc5c8fdb6986cef62da217169ffff80a2b7fc288c2716617e9c2f20763320cfae44e223c1dc8591c682ff4db56bf3b03f5eecb650f20e90e7a9d348a9a84d3e52511e2975cac5f2e52cd91b929c9b255ba1ea97dfe31417f615049a35e0af7f234f8e8159279ac5fc8e58b3dc380ad4bdf633293c7c9b7403cf434e5203c8949457838f2051e6cddfeb6b5f297ab21d104497ad8a74b204f5eb1ec1ada829d33df82a7c69cd5ebfb8944d43ee91ec645132bb55170828fc84e1ce8b847dbcc579e1b45c0596d297f34fd3e2f40972287d73d129c7f94370594a5325cb75d75b6a83cd299d55c1b74c6b55503663089dda600f5f197517d9c55059c65a0eb2cd4eb255cfb89f320c6e27156fed72f817729f2e2c4a96f38b5ce97fc2c91646c9918cf9243348f4ffdc619fef570f3ebd65da2170f1328b86eea6f7d8d2600c8cf81d95aba4af0a0b7f77a2e578a23600c11c453772347258831b4a1b2928d6a3dd3b306c28cb75420ff5d1771281f14360c854fe06c76ccc1e13d03106511c49c17efbb114ffa1d3594b2258fb29abd91607190dc9cb05263e81cf9ebf4e00815160cc2ce92b90264917b29c38fd60afd6a3963f14d22583815248d9777de9430f765e4d29e0ad15e6bf670d94d130b87ced39e542fa12afcd4b9df35ffd4ff37efc70a67646f2c9e0e72768996be4a989ec742fc9677efad1401042dd507f1bea635dde7105389547d9f32b770f4ade6a642749fa743e237df1bd9e589cca0a60d2399efda0004b578611b5f6db5ca531a265f6aa6348ae09d19de5384880c85538b681807b27df4135da9aeb722f553ed6c0bfb2b51d2b222a615a0c6dd0f2c6891afcd0de23d532a58cb41b29a8795bd963bc933f2cf4df3f1648aa3251a08842eb15db8c58334e1d61859cfa015ca7ae354ca42290887d2d94cc004967fd2a34318fd78ebeea52189c613b5b735c223bf7ac0ffd43873c4db2e87ce87d83ff6525f066ae982211da0624128251a63943a09bcac454b0e4290db9105c66c50f007c5a3629c8f19b39abc66d111b5f3715a9fa1a294be8b4ffa8d511c23e22a1b368ddfd2726368e1f84ffd3c9b5d14da6b875e79902bd77156578a933d5c4c01fc12cdfcd0b317251d3b2a8cac4487d31fc009840105a96abacdc2bce36c629fecc034c6c1b95195e22d44841e65b286598d0f79854ec2f9bfc35a89e3f7e0793a5795ee5c18c52389a4fcd04844392f4b66592c46980beb26756cb62f2390555fe9704873f09557f2e6d58e9f0b77aaab3dd48661346d945f634e5a987fa793d59d9fcae2e10ff20120d6f3749281a6f6ca3c34ae641059d33c68a12ff509753a820778540527d0ec5c46a6d2cde4c53642cb7d27ab636e10b0d762ecb132535f4b59a6b98adfc078209e2bb357ccc290e45263c4f07726ad76a146e936cbf04429226ab509400679be1d3717215c638f27caf22aaa888d6f8fc7cbd0dc548acf3e25594afe87dde22f94ad9ec51b1f9050327f27dd97d0f4433aff7bd4244edd772478a0af141be1445480f78c0b39d2d956aca66edd52aa1ff25c85cd1be864309d52f2e9cc623c77344f37caae22fdda0ed9d083f7d10d7f3eb970ee415cb93b305930fc106cf675d31270723dc6b4ba9fa4d3648dbf36467b6d9b245ef312b34596f46557bb4dfe1a614ffc5d03afc0c8e1ad9513b617b1f7a3f2910b2346b3c81e61f19e792524ff0328b5a2afb103b5fa4791f91935670f7bb0eb42138693fb91005c9d49767a807788a73c15a8299d82bf415db90d383524ab960b1feb8e5d4e427a21f0fcc13c588cbb6a8b7b0529069328ce1b25018c950f5717beb28592b4844bc828ffb0a7ece644708e947bda6a94593128b983356b09efc522e543b2cefe4181228d6b245ca56f558eee8f29c9373bef1ea932508863219741b7b2bbd9100f50c592974c9da9aaa7777fb2ba3d7eda5b12b9b70a719b83cc9a45cbd6df9cf7a9051c27fbdafe08b1612cc2cf415eda56cb3ac922c68ee3122a86e981616e250a7fdc7aca99d34dbaa870123cdae5c76f178e9887fe692065975b45bf150a62c89d5b04824fe82bb046999fe00eb66decb4ee81db1e36c91af299215c39eadcf9fc001af59e772885ed416b2a6cc56df0ecacb4c518e7204b01b337f48063bf335ee9e42ba9c73d3d01da17c2fbb262d3f53d65625c4d8620a50d727d7d1bbaf9aa776ba86f62f41c5df17e02ba6fe7b9e8e9c72394ae1897cfd9ee2293f57419b95947bef8c2d6a2560737a787cf65683ea92eb21d83716f99b810e9dec2773268dcb67977a9cf85267982a4d673989cc0456a532d69fe2566a5950bf52c06a84d425e549936b6a36cea883afead24c8ad58572767bf22579ee8514b7fe072f6480f9f4a2a429a2cf503ed8627d03b87a48fded75066ef361ee91d752fb4a2299b8eb2d7bfc9075363616a1f9fa90243c60c89be032e39887981d9e9110ac6dae33ac1a45b90749fcfbd28d62f9e789c30327b7880c2d62b98a086f22ec22d293eeab72615154433ead27c29921577654b10d1882e4ac25073c5923624fd40ebf92a2c689b01e035e1a8b37cb51f14d42f1176e7594aa507a2e1fd0f0316fd2130537a3eac4bda2e3ff96760d1d5432d26e18e7c5a8ecde69de46485f", 0x1000}, {&(0x7f0000001980)="664ffd5873ec8fdfcda9ed1278cf79092576a595b88d", 0x16}], 0x3, &(0x7f0000001a00)=[@cred={{0x1c, 0x1, 0x2, {r7, 0xee01, 0xee00}}}], 0x20, 0x10}}, {{&(0x7f0000001a40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001b40)=[{&(0x7f0000001ac0)="9e9f982ae5d991eb3eeb67b6bd2311b1808132a025636058dceee6d231fb4a0421a92d285f6c35fe24d5d81839e0605549768801ca5df8df968f0b37ad7eaa34b2a82b77c78814a5a08cec0ce679f45c42bc449468dd", 0x56}], 0x1, &(0x7f0000002e00)=ANY=[@ANYBLOB="3d00e2e0a6f18799080000040000000100400002000000", @ANYRES32=0x0, @ANYRES32=r8, @ANYRES32=0xee00, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x38, 0x20008002}}, {{&(0x7f0000001bc0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000002d40)=[{&(0x7f0000001c40)="3d0c6a8b6323908fe11d72885d9ce7343ee76e0c14802f76ada13b9e5d2df716e9ff7607a79619c304c40bdb287c3bb964fc9cf06eeebc3e3386cf8755ad2a789829d17046bb990f48e8a35c930472b03d47caaff5f6909f78a3564a5afe573802fcbed22cf7f302414c676a7aa10f225795a93b745c80d8dd86c48ac581bebfc30d988e746b4bd32229fdc846edb4d91342da83dc235e15d181351a4172615c2d7b3d79d12b26f2d709a53c303e79c52d9bd3da4fcca339bbc654be76d2398f80320482b4e64d1553335e0a7489f5cc9792c7620fb16f167f7cec8cc9aa6bd1b5b4f768d2fd2cd52376c4dd4d19d42d06629d4dc52369d7fc30ad0b886f045ff2d3c05f05b0ae9087471236d386b5ad50d830ef26f4fae93e037d781526587aaf3d1927807d9d5744edc4816f8892097494718f72d3de1adf0e8c98e9a54d5ccc9fcd0b9110e43b1eedd5765b7310d39550cf9483dae10e620671c505089d300124384b3825d6a558234030c2f8066362111392a1980270a2d63234b99a84f3afbaf08e36318278d058027ee42c7ccf3f0160602a5e7be5e789303d81dfe8efc29c0af89262cd10aec6347794176a0c5fffe48844db0509cba0a3727160cf6e20c8ec3073a7fe489145a2988d02d41778822b34e1dd7f231d8b5decea03507e92f7cefb7d8623715e4e7251860fe98cfef99fe9b58ab871f76506730686ce46ffbd2d27484069b2723e12e0c9a516871f592e2bd2139078574cb3767f3651c73a44760b4a8a7c9e153100dffcc3c5e7c169f23e0eca4884d1519f3a0f8eb922b48431983d997fed7fd2bb81b34d13a8e3dc29b70a6e3015cba9377cedca054ddfffdc33b7146ac32bd48fcf62ed3ddb1770304dcc679b834693c19d5eb90ef062d918ba29ba5b0635adb25ab0f454e8f04bab5f7df26fb6fea0df572c0ea514f81071a61bc36dc3ce8ae6c341f49026368d4c00ee230245b305118e76eb506c091dd1107f37dd4756320a1e1381832703c904608cf480dbce56d0681a4cc2982410119f9f2cb1a24c1b53a4d99edc63c16d7aab1fdc9cf4f29368b4c4e86c17083c727014db7d907b9ca136b2804bfbe1d3987cf3ec792478c6fc88b2023497ba23dbe3121f29e3abb55627007503e95a01a686bcbaa1fb1a01beca8967947b9cb9d1c53c3aa06cfa962eec54e4bbc08551d1f7bca6717b1e2ddd44f1b8ac067ca43c2e68b8ffb75ddee00a02a277552610ee0227b2fea9c6a94da4f6ba67ec193097b1ca69bfe0700b153125f1c28385d4688b8e08d53b15c1469c00fe512087bd563c6f612e8da4d4163acb3ce13a65c8a4f581fdd1cfc93f50eccbde24914a6fd98425c4c85b69f336d3867d4fb27e1db073a981a8801e8967c3b8977432e2f3573a920f6c5034d1d5b494961b029984713bfd1b12982c7c59d583c28e9f00cb650d0decec4bbb270bfdcb2ef5cb16ecc4b74c1ae548311f0e139782ee6bc4cd030b24f2340b6a1b5e898b861aad19e558bdc19243466e09a1412b51f395e028fd240ddf2bff498d5244da72f493743ba2874ff5ac97d1010a3572222abb7eb2791a372559e3b9300da7ea0840cb5fabcf0e41f831570410555f41546ab19a9d1b388ca35013dac6884967bba229550c6fa57c13ee9132104624bfdf137708b66da5250df5540ed143f9e914a734fdb17561ab9f77f936db500405d089c13941fb5c09ecc0fda4580eb2d908ba3c017bbca5ecc1480fee2b91958d956db28b97d8da2d0588dd2dd1e318b80c80647d8d52d42d01c66bf0132901c23aab13120b2b8dfe6bdee023123f9ac914e8c42d4dcb533010329f50ccb581e91b9afee9e8fd43ef2a623c7b3b3d22941aa9f135c82e90ffa4ce02623b8478d64e1e3ebd2a85f8e973349062c1ae7bdf08b4b5035bd31c00a9d41e92b241162c4689fccfe7acb763cc8627347338bdb5bd1d0c8e162f6d06b14ad2aab6b8bfaa1e9ffaef3b8ee22e6adcdd0c5a3855d4443ec4b34123d7f22e9e6b15989111b1fc373ee227d1ace01c80e92760fc9a097b9f99c8daad2a4c96891481ec1634b2951a24d839e0dd1aab57d4d717e653a67c26b0d12744230f079587a6f2fd056d41f4d46d992d870faba2b91a035cb7865018f287f42266e202409d9f746de417092d0821d4c9c1365b8f6a3f074ef43ea47411dbb700ad8ad03ba81f74ff0b79eea6333406d2f118f96b9c9387a03bff38ce191c995ba6c597aa80c5e2fff5b9094d8be48c02c0a06cf502d437ef190ff150b8c32f658313fb0c610cbb97323e6da8b5816868e109ecf48f459daf0d442112a0e9939ff8d24815b7464386cf3fa329e2da9222535f3abdb5ee09404446c4ccb9e047f84f7471b14ae7ae9b64a6c8da1fecb06530b71e2de8f867dd6b84a68fac7a85ae20a18cb452ea32956ebc34361e4b42f4e54fa57a42448e93003df26179cfa84821d64c035be52d7628a7112ec14dec60d0c6601b6f4e2e3b65c00f6a4ae0dc3fa99bfd3dd4c961281b969ac721a9f49a4873d8564f6fe26d56f9be3e2ab996367561ad54c646900b53c5c865ad52d7140a994bcde0012e26d813342aa7aef1acbfb361095ac7251c2dd16ceb5ab0f47489ab4e75d851a9fbb7023a6dcb1937612fc266d7e615fe39b253bb0463c3efbc64eef1dc2f734c5660462732d5034dbc99f23c8c455cfa1f9829df20fb89e6d78e22348590f383651beae9945faa082322f82d3d1ff07282169265038ae46640e2c3a901140c952a7b6c5b7edd7ac0cd65da8c3cbf9a397e0ab10ea35f93263c12ed28b4e9c522ef4a2cda40c5357aaffa969a7824f9fd4d3d1fdded50b45e8b768cb22910b61e824b6ce5d5e10270c453fe65cb3007df40ed61f74d4c72b2891fc61be66435c5fb3297363390fb561ee6defcecd83b851720ec13e3176499745021b9822cdd2de3b2d0ec7837d596fa23122ed274d2fe33931908099741db79bc6b551a235e23dca27ee95f724ed25a568becec154cbf8d12c12f438fa0e3f9988b51d116ed64f37756c7cce01ac49d46342a99fca37358d04eec5a67dcd53fd5925dd820ccfd361ed1f7f93d95e48c9d26ccb54a73f2791f24387579ecadc9c38eed2f1157df8b9107e21dc7b949e953decf0a0ed0a3c768e91411ff46e2a1d652cf1b815d4947c32cc3ae8cf3331e0e5a03dffb2c4cf22fee55bc1a5757ce0e35534f662e39419401eb96cd98adae00e83efd11be528229134705c29168a17c712c4dc498e54ac493f1a3c7d121d32aac7a6dd196ca33b766ce547ed2ef3c6e8c593f3167ce8554124d8db2c0acbb4b9c2415675a53558ac3feaec5243667c1842d9e20a30e63f4a38352e974808415baa829e385873f733c460a0866e81ace2fe23c5bf7ba1586d1ff5afc26d6585b46e01718a6f9b7b83fbc751fb82fcf3691020a9b2aca4b6b05789408588894f2369bb89f45e82b078bbc52a931096d38eb9ca407f36ea97c5992038eb04ddd8b2a66d3450f9092de4d0c45e1b675aed745bafe7e5b26040d8f1cea144d037b9412de14787c7ce270a34dbf3772cac14143e094d27f9168dd1882b467237b7ac63b72723fd8b04fd3f904757a33d88f71aae95309a6e8ceef8491247f825ecd7c08aeebe8fe17effbd2375137ee0e33c053616333f386155f92a79389f981ead208047e382fb50ba432ff9e42104b2248fdc634cc86dc9fc27098dfb135e88a66264f5da500e3fbc5ecf1d0c59bfda04b30a10c5ea980b9d6a96fd6065f85cff9cb1bbb77e00fda019ab416be969b277a14c80df4468aab87a5b8f34ab6b252e1656477dc995e5e65730e10d5e4d245004750bf16c3218aa9f1ea2ea07c8c5ff925d7b1f0c681816aac9c21a371aae568ddfc7dc1a90208e8a61aec60a653bce301deb6a2f1b3f753fae983c6e98cd80ef1ebfee175b29bb3689c8a541cff68e80df92a08c4f9b08c158efca015ed3e09b46b83c91f644257b617cb2ec41d2c6d40b5f823ad6e51b70495916b622435204b242f493145da1bbf81c3446a0c1c8ec4325c9080e5b503b54fc2ebe1c8901f25586bac7270490d8fc8cd37efbe4c0a87fbd7f31f0805b209755b7119d764fc937414f58b4aa88fb790b9a1e66f284dc59e72a329dd3820a4feeea9f59bf45c530a4d22456564ec4f2766d76a52e6c39e2a3067489c146f86537d17811e74d60e03851aeafd5301e8c6f8845669e7ffa87034449d0294c7effcf39589975a8edc6132a8aadc08526a0699487aca052b48f41524ba60bb48a51b3aa48f758a4de60c7ae16d3d1efccc8ef2dc4f7e7e0eaaa98a43c9a0ba266fba46bb5e8a385384b2001d766e750a1e181dadeef279696f88b0935ab1428f63fbf882a473f471273f345349b27ce0d4eea9de6eddb848fe609cabc614b57e687fb9360f2c4d606e5805dc21e8c3ce866ab6e6665c8fcc919897435cc2444212054301107e2ff6f4da047ddcedf88a442ef5ded0e7536daa7f5c120c7a467bc608c8a7af19307bae29d1652a3f3ccac83888e82be06efc61d2437cd7510a96eced6977238d9ae489d2f6b643e75e85086504b3000b859a266ba985fee6c240f2b98b9481f6b417a0b5cfddc557d93e37c602521b599125aa97d913b885dea20681c430e4a1441af456e85bae66e861009966f157e256efb25de81340cba2920adc64d7af947ec65f6ac04d645449ab119e5bc348be845d2b35a3c79ff7d921a740bc8f57d45b5665ec495996629ae8aa505c9ed56056f650dde12607410576ca58b5936b47ecaa33fc41125e61c71d1bf3d4d53577145b599860cad5d274d85c820bccd3a56543371562b7a79f19fa59de34081e3ceb70abecfdb2ec2da5fc20d599570206079e91d9c88e57e79606fc894c33b4cca7f4ad0bb9514bdf43f2198b2369b0bbff9454cc7eb5ed205e9a5fb92558366f9821df61c615bf499a67fb63d71e8a6507180f3a6134d0a67579d1ab5a7103a9447ab61258f9bafd777d3c266ff8ee0fb5e530f8b91f791c722dc96d582e82ca64e34524bd31f7c3d66eb47db1e70fcbb864f23778d31093cd8b590360ba409694273694af5d50f91c39a70434e45aa24d60bf5ede4ea4a74a44274189365a5d00a44a7a1004ba51ab4004e4f4eb145fae3c02cabe4f63263dd104bd350512e9569654be400ab2188837d762af32606eca990e5ab6d7394bdd93f0792ffabe4c0ed5cce7a9bc69ea2e7df65260d87b13ad13afdf404765680e79eacab40835bb4e05ff2d858ea20c66ff85b5bf5b60022c154db3e8db390eadc95dd0728ac54087912cec0fdb783163719fa2bb35d666668cfce4dfa203b7d4de96f041a805ded2b1976b4c6eaf17213b8299530a8b3325f2a388788238f7c740b6c40f9ad85c0c16b77474917083b35e1b33e47bbc1daeeeb63cdb00195548ded4b931b2f39566dfd09bbd76b9d3d4c044e497e2b0f5ae34dc067274b4293753ffa9574f3eecc8f7f8997196d3834950c5ec716dd79f78f4fa33d5bf6ba3b3abd96ad54ccd6a4f609aebddff1a06b848ae6894e49a91afb501140ca55ffcc499d63225f7f0e4ccf5ceb12255cf126d84d3ac0987ce1aa373c115413f1f04d3d8cd52f13638d209fef0910547886aded8d2a05e1f4f21668102403fe3f06a2a81f2598bf5d3755d86aeae7dbdadaee7094c689c452f2b83bfa78ea4b77a912cbc4fd3abd971c2d61179f996cbcfa8b3f4b42f4844ae0c7d648b60faa455461d1dc4cfcc07d63228d3fe5dd9c4627beae1cbd92ec0", 0x1000}, {&(0x7f0000002c40)="61e2352961b1cf1e1218408c1aea543f8d4f7c529a4ab3bd4442acd7bc17fbae761a31d08e1c2e4da56c9f569b8cf46f644735ff2c712ca7737a6ea1465ff3d1f9f0b1b8ebb345b113bd1e1bf4373b82bd19b764cd82411268298b52e51786cf419812beee93e891124b0f23d57a2eb8e64ab0715c9e7b356b9d0a177f993d448c53acffc6fc195794c65de363e4cebfedeed21afb91cb44d7bdc23d0596e70f0cc8afe0696ec53ce39607a57109a5b8ba40424bf2fc78a101e3a28ceb649d0e6ce06486b6098a41d8837c625b923d004fa7504b0da1a90e220eafac27ec1fd585f1ba41fc33dd229ebe69377d00fc12", 0xf0}], 0x2, 0x0, 0x0, 0x4000000}}, {{&(0x7f0000002d80)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f00000030c0)=[{&(0x7f0000002e00)}, {&(0x7f0000002e40)="f400de691d4df211a1931440bdb5d376628151e13b712f1e55511f9253358454dd9aeaac45e167a07fa53e69cf3ebfa9e1ceb1e713ecc0b73824386c5d3889097aa26b0a886d6442296f67a4cc47a299d711e62a39f9f4b87e23cb1fe7215a3d467a7e", 0x63}, {&(0x7f0000002ec0)="568878c167a8d6f7e3f1d3ca286394edbc242686d5cf3515f55a556c62353d25c543d349466a1c8138caba025dc3b921c492859f44761e42920e0b70e548a9f8a6affa6f260eea4c2aeb3f02b95bb9ce4ce8aaeec011783409997ccf3093dc1d02b955c9760f15858d03317636b1c265e88f6b117582dc7500e5e5f9f61dc616f702c96712b6f43e1d88879e667e15bcd1f4de06da3e39fd5e7afea1688af62303a4e5c2ba1991b04e83931f849d10acf2a98c33c0d1909160ade82557635a3508faeefe051346837dc802ea174e38a6dc0bf6c6c35c2e9e0bc78014f6", 0xdd}, {&(0x7f0000002fc0)="c6851ab40f1938376749605293ccedbe97c6f4f88d79bc0dd3bd842b50747ab54b8f0331e0106293f916554129f480d1aee4a5a60f0d14764d7e7ec83a8dabc9ede895522d4949a4b73bb9493d5b25efddb0f718fa59283a9c2c02f6851add71869114c6b1ac9fa9947826913f27e1bc", 0x70}, {&(0x7f0000003040)="e201385afa6f00666dbba0a56a40a88626242caf824c8933ba14bce7891cc9b66f200bd57268f0e8003523a09580e42136554c3f9eb3057ccc0803e676f661708fa3", 0x42}], 0x5, 0x0, 0x0, 0x24040000}}], 0x5, 0x4000) chdir(&(0x7f0000000140)='./file0\x00') r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r10, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) bind$unix(r9, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendfile(r10, r9, 0x0, 0xfffffdef) 10:13:02 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x0, &(0x7f0000000600)) syz_io_uring_submit(0x0, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1778.960322] loop2: detected capacity change from 0 to 40 [ 1779.001619] loop1: detected capacity change from 0 to 40 10:13:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1779.023674] loop5: detected capacity change from 0 to 40 10:13:03 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1779.150934] syz-executor.1: attempt to access beyond end of device [ 1779.150934] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1779.152504] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1779.193010] syz-executor.5: attempt to access beyond end of device [ 1779.193010] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1779.194559] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1779.231494] loop4: detected capacity change from 0 to 40 [ 1779.553534] syz-executor.4: attempt to access beyond end of device [ 1779.553534] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1779.556349] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:13:18 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:13:18 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:18 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:13:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) fallocate(r1, 0x8, 0x7d2c, 0x4) 10:13:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 69) [ 1794.575339] loop4: detected capacity change from 0 to 40 10:13:18 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 64) 10:13:18 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:18 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1794.624662] loop5: detected capacity change from 0 to 40 [ 1794.628110] loop6: detected capacity change from 0 to 40 [ 1794.642633] FAT-fs (loop6): bogus number of reserved sectors [ 1794.643215] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1794.643530] loop1: detected capacity change from 0 to 40 [ 1794.846264] syz-executor.5: attempt to access beyond end of device [ 1794.846264] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1794.848090] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1794.858604] syz-executor.1: attempt to access beyond end of device [ 1794.858604] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1794.860547] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:13:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 70) 10:13:19 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1795.067690] syz-executor.4: attempt to access beyond end of device [ 1795.067690] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1795.069361] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1795.200612] loop5: detected capacity change from 0 to 40 [ 1795.273756] syz-executor.5: attempt to access beyond end of device [ 1795.273756] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1795.275421] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:13:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 65) 10:13:33 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:33 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$nfs4(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x3, 0x8, &(0x7f00000006c0)=[{&(0x7f0000000280)="4512", 0x2, 0x2}, {&(0x7f00000002c0)="e0145fe6c48ec58d6568cf56009e9690c174f80fc8fccaad10d43ce8fa596a71e5db2cf9609f272c4f987f852256b4961cb331e710ea34ad782bd869ea523e019d64e74b39c289b6f80ae282695ac1648bac8b901a861d570183d3ebb7a8b0c30b45dd13d3e1e65ed2646e97d19b4cd29d4bec45fd4207f5799b8b95794f79d7969627ab7ed47e35fe18b3f82bc5d8d8d91c5e302809bf052fa8cad01195695e9b2b778507e849", 0xa7, 0x80}, {&(0x7f0000000380)="f7ffbe97d7c65a96d8301e712e860d701b9a2e061054ca7c3400b1c125a81f88bbea8558ecc5b6d67365dec33d1e3e2645143695efecee72b57bdf12fe1b80c98d7b47e0e7c7973668c2e6f1dec32c73563acae4739993ea37e1b052fd7c99767868603b324e6077c5fe59f584527d436a698e101a98e605f68255cbc7c1dc33582f177e00c1b91d8e4401e8bab35c8ef4108f9be2b1bfadb559bbc7685ee8b30c1c502cf15ba4dd78d70e93b4a77c645639753412d605c25d5958db8d7d3f5d1f2e4cfd6d2d321527ccb1fadc2bfb0c1c3238b3bf571b01520737328e4f1aa662bda27b2ab36ad9ffb5f956", 0xec, 0x6}, {&(0x7f0000000480)="1597700bab488f8785cfccad43ab1973b8c657f8775a50fe635c104ade177d49a9f34f968e0fab9fd9bf64f13d60f8dc1494f7fd0caa544cf980e55a074e16b571d06b55be8a98ac2270d46e6af66caf047c929a9228f9d3ee9dfc2f563fb5b3b9a6fa96d3d9d9", 0x67, 0x40}, {&(0x7f0000000500)="413dac30e1f59f2af5fa3ac73a2b639fc11ed0a258cfd408c79f9a69d449debbd82efbbf48b87896fa65d9859199e47fb33ad99951fe2f91e9dff1d40e3177e79542e5f7d14ffc7d802cc606c8c86b0315bab6e90a45472d0e314b373dd94e483d31dd8416979a415334f8ef25384b28ac9d955a81ad", 0x76, 0x263}, {&(0x7f0000000580)="489df405932c2b702284cd50b70b4908db3eb36963e3e23863b0", 0x1a, 0x8d}, {&(0x7f00000005c0)="c80c2f1b7a3f2e808fb889892d4799acb5cadcc9e7d0fea9e2e72a03c347ebfa440f299a401929383b87d388a45ae9122cfb245d4c77be58be3323ac46de7a907084665469beb8da3209966ef1b6ecc65b0fd30520cf6e1ae82755fd4d8a7f01906f04f84b19e0d37080610cfe8795082964e2a760509e1ac28324b1bc8c86d4a615bead9745e5ddc1aee98073aac41d6e75c4988a9415e6a3120ce1c4677bd10f0114e52070ac0b642a48fb5c5b2fd6cf2eb3ff4e", 0xb5, 0x6}, {&(0x7f0000000680)="a736631a2eae099f3db261af8fa2a7685f63d517e37a99ec660814102b475550ca286e56b3e8c6af", 0x28, 0xffffffffffffff00}], 0x4000, &(0x7f0000000780)={[{'vfat\x00'}, {'\x81\\#'}, {'ethtool\x00'}, {'vfat\x00'}, {'ethtool\x00'}, {'vfat\x00'}, {}, {')^+\xdd*'}, {'ethtool\x00'}], [{@fsuuid={'fsuuid', 0x3d, {[0x39, 0x33, 0x36, 0x31, 0x33, 0x35, 0x33, 0x65], 0x2d, [0x31, 0x32, 0x62, 0x61], 0x2d, [0x65, 0x38, 0x59, 0x30], 0x2d, [0x64, 0x39, 0x65, 0x38], 0x2d, [0x0, 0x30, 0x64, 0x30, 0x1, 0x66, 0x37, 0x34]}}}]}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="8a9b0000", @ANYRESHEX, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) dup2(r0, r3) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r1, 0x0, 0xfffffdef) 10:13:33 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:33 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:13:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 71) 10:13:33 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:13:33 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1809.938902] loop4: detected capacity change from 0 to 40 [ 1809.947698] loop1: detected capacity change from 0 to 40 [ 1809.953294] loop5: detected capacity change from 0 to 40 [ 1809.993014] FAULT_INJECTION: forcing a failure. [ 1809.993014] name failslab, interval 1, probability 0, space 0, times 0 [ 1809.993769] CPU: 0 PID: 9123 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1809.994300] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1809.994850] Call Trace: [ 1809.995031] [ 1809.995195] dump_stack_lvl+0x8f/0xb7 [ 1809.995485] should_fail_ex.cold+0x5/0xa [ 1809.995781] should_failslab+0x9/0x20 [ 1809.996052] __kmem_cache_alloc_node+0x5b/0x400 [ 1809.996375] ? iter_file_splice_write+0x169/0xcb0 [ 1809.996721] ? iter_file_splice_write+0x169/0xcb0 [ 1809.997055] __kmalloc+0x46/0xc0 [ 1809.997298] iter_file_splice_write+0x169/0xcb0 [ 1809.997637] ? generic_file_splice_read+0x1bc/0x4d0 [ 1809.997990] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1809.998346] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1809.998396] loop6: detected capacity change from 0 to 40 [ 1809.998713] ? inode_security+0x105/0x140 [ 1809.998747] ? security_file_permission+0xb5/0xe0 [ 1810.000039] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1810.000399] direct_splice_actor+0x113/0x180 [ 1810.000718] splice_direct_to_actor+0x33a/0x8c0 [ 1810.001050] ? __pfx_direct_splice_actor+0x10/0x10 [ 1810.001406] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1810.001769] ? security_file_permission+0xb5/0xe0 [ 1810.002121] do_splice_direct+0x1bc/0x290 [ 1810.002417] ? __pfx_do_splice_direct+0x10/0x10 [ 1810.002758] ? lock_is_held_type+0xdb/0x130 [ 1810.003063] do_sendfile+0xb1d/0x1280 [ 1810.003363] ? __pfx_do_sendfile+0x10/0x10 [ 1810.003664] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1810.004011] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1810.004412] __x64_sys_sendfile64+0x248/0x2a0 [ 1810.004744] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1810.005097] ? syscall_enter_from_user_mode+0x21/0x50 [ 1810.005463] ? syscall_enter_from_user_mode+0x21/0x50 [ 1810.005834] do_syscall_64+0x3f/0x90 [ 1810.006099] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1810.006471] RIP: 0033:0x7f7c47a26b19 [ 1810.006727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1810.007979] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1810.008505] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1810.009013] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1810.009512] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1810.010012] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1810.010507] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1810.011025] [ 1810.026288] FAT-fs (loop6): bogus number of reserved sectors [ 1810.027362] FAT-fs (loop6): Can't find a valid FAT filesystem 10:13:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 66) [ 1810.167656] syz-executor.5: attempt to access beyond end of device [ 1810.167656] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1810.169300] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:13:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 72) 10:13:34 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1810.415705] loop5: detected capacity change from 0 to 40 [ 1810.416416] loop1: detected capacity change from 0 to 40 10:13:34 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1810.479512] syz-executor.5: attempt to access beyond end of device [ 1810.479512] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1810.480383] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:13:34 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:13:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 73) 10:13:34 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1810.584766] syz-executor.4: attempt to access beyond end of device [ 1810.584766] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1810.587421] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1810.600558] syz-executor.1: attempt to access beyond end of device [ 1810.600558] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1810.602184] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1810.602273] loop5: detected capacity change from 0 to 40 [ 1810.673071] syz-executor.5: attempt to access beyond end of device [ 1810.673071] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1810.673940] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:13:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 74) 10:13:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 67) [ 1810.822696] loop5: detected capacity change from 0 to 40 10:13:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1810.910433] loop4: detected capacity change from 0 to 40 [ 1811.020543] syz-executor.5: attempt to access beyond end of device [ 1811.020543] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1811.022561] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1811.041740] loop1: detected capacity change from 0 to 40 10:13:35 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = dup2(r1, r1) write$P9_RAUTH(r2, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x0, 0x4, 0x2}}, 0x14) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1811.130105] FAULT_INJECTION: forcing a failure. [ 1811.130105] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1811.131710] CPU: 0 PID: 9163 Comm: syz-executor.1 Not tainted 6.1.0-rc6-next-20221125 #1 [ 1811.132725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1811.133723] Call Trace: [ 1811.134061] [ 1811.134370] dump_stack_lvl+0x8f/0xb7 [ 1811.134897] should_fail_ex.cold+0x5/0xa [ 1811.135450] prepare_alloc_pages+0x178/0x500 [ 1811.136057] __alloc_pages+0x149/0x500 [ 1811.136620] ? __pfx___alloc_pages+0x10/0x10 [ 1811.137230] ? perf_trace_lock+0xf0/0x560 [ 1811.137778] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 1811.138464] ? __pfx_perf_trace_lock+0x10/0x10 [ 1811.139080] alloc_pages+0x1a0/0x260 [ 1811.139591] filemap_alloc_folio+0x32a/0x410 [ 1811.140177] ? __filemap_get_folio+0x254/0xc90 [ 1811.140835] ? __pfx_lock_release+0x10/0x10 [ 1811.141403] ? __pfx_filemap_alloc_folio+0x10/0x10 [ 1811.142016] ? xas_start+0x157/0x6a0 [ 1811.142516] ? xas_load+0x6a/0x140 [ 1811.142994] __filemap_get_folio+0x32c/0xc90 [ 1811.143597] ? __pfx___filemap_get_folio+0x10/0x10 [ 1811.144249] ? finish_task_switch.isra.0+0x228/0x8a0 [ 1811.144904] ? __pfx_lock_release+0x10/0x10 [ 1811.145482] pagecache_get_page+0x2e/0x130 [ 1811.146044] ? __pfx_fat_get_block+0x10/0x10 [ 1811.146631] block_write_begin+0x35/0x450 [ 1811.147163] ? lockdep_hardirqs_on+0x7d/0x100 [ 1811.147782] cont_write_begin+0x4fe/0x700 [ 1811.148373] ? __schedule+0x92e/0x25d0 [ 1811.148968] ? __pfx_fat_get_block+0x10/0x10 [ 1811.149548] ? __pfx_cont_write_begin+0x10/0x10 [ 1811.150139] ? __mark_inode_dirty+0x68c/0xe70 [ 1811.150760] fat_write_begin+0x89/0x180 [ 1811.151295] ? __pfx_fat_get_block+0x10/0x10 [ 1811.151883] generic_perform_write+0x25a/0x580 [ 1811.152487] ? __pfx_generic_perform_write+0x10/0x10 [ 1811.153122] ? __pfx_fat_update_time+0x10/0x10 [ 1811.153728] ? __pfx_file_update_time+0x10/0x10 [ 1811.154331] ? generic_write_checks+0x2c0/0x400 [ 1811.154952] __generic_file_write_iter+0x2de/0x480 [ 1811.155594] ? __x64_sys_sendfile64+0x248/0x2a0 [ 1811.156214] generic_file_write_iter+0xe7/0x350 [ 1811.156831] do_iter_readv_writev+0x211/0x3c0 [ 1811.157495] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1811.158249] ? avc_policy_seqno+0xd/0x70 [ 1811.158870] ? security_file_permission+0xb5/0xe0 [ 1811.159553] do_iter_write+0x18b/0x700 [ 1811.160068] ? lock_is_held_type+0xdb/0x130 [ 1811.160656] vfs_iter_write+0x74/0xb0 [ 1811.161173] iter_file_splice_write+0x73e/0xcb0 [ 1811.161819] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1811.162489] ? __pfx_generic_file_splice_read+0x10/0x10 [ 1811.163182] ? inode_security+0x105/0x140 [ 1811.163766] ? security_file_permission+0xb5/0xe0 [ 1811.164422] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1811.165106] direct_splice_actor+0x113/0x180 [ 1811.165717] splice_direct_to_actor+0x33a/0x8c0 [ 1811.166353] ? __pfx_direct_splice_actor+0x10/0x10 [ 1811.167015] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1811.167697] ? security_file_permission+0xb5/0xe0 [ 1811.168355] do_splice_direct+0x1bc/0x290 [ 1811.168902] ? __pfx_do_splice_direct+0x10/0x10 [ 1811.169541] ? lock_is_held_type+0xdb/0x130 [ 1811.170116] do_sendfile+0xb1d/0x1280 [ 1811.170646] ? __pfx_do_sendfile+0x10/0x10 [ 1811.171200] ? syscall_enter_from_user_mode+0x1c/0x50 [ 1811.171872] ? perf_trace_preemptirq_template+0xa6/0x410 [ 1811.172583] __x64_sys_sendfile64+0x248/0x2a0 [ 1811.173186] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1811.173833] ? syscall_enter_from_user_mode+0x21/0x50 [ 1811.174507] ? syscall_enter_from_user_mode+0x21/0x50 [ 1811.175193] do_syscall_64+0x3f/0x90 [ 1811.175731] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1811.176408] RIP: 0033:0x7f7c47a26b19 [ 1811.176890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1811.179046] RSP: 002b:00007f7c44f9c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1811.179999] RAX: ffffffffffffffda RBX: 00007f7c47b39f60 RCX: 00007f7c47a26b19 [ 1811.180880] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1811.181751] RBP: 00007f7c44f9c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1811.182630] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002 [ 1811.183580] R13: 00007ffef678879f R14: 00007f7c44f9c300 R15: 0000000000022000 [ 1811.184499] 10:13:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 75) [ 1811.219299] syz-executor.4: attempt to access beyond end of device [ 1811.219299] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1811.222071] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1811.244129] loop6: detected capacity change from 0 to 40 [ 1811.262938] FAT-fs (loop6): bogus number of reserved sectors [ 1811.263752] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1811.339429] syz-executor.1: attempt to access beyond end of device [ 1811.339429] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1811.341070] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:13:35 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1811.400981] loop5: detected capacity change from 0 to 40 [ 1811.486423] syz-executor.5: attempt to access beyond end of device [ 1811.486423] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1811.488209] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1825.399545] loop6: detected capacity change from 0 to 40 10:13:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) openat(r1, &(0x7f0000000000)='./file1\x00', 0x10803, 0xc2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r0, 0x0, 0xfffffdef) 10:13:49 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:49 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:13:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 68) 10:13:49 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) syz_io_uring_submit(0x0, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1825.413605] loop1: detected capacity change from 0 to 40 10:13:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, 0x0) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:13:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 76) 10:13:49 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1825.436294] loop5: detected capacity change from 0 to 40 [ 1825.439952] FAT-fs (loop6): bogus number of reserved sectors [ 1825.440365] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1825.441073] loop4: detected capacity change from 0 to 40 [ 1825.491429] syz-executor.5: attempt to access beyond end of device [ 1825.491429] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1825.492392] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1825.591396] syz-executor.1: attempt to access beyond end of device [ 1825.591396] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1825.592442] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:13:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 77) 10:13:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 69) [ 1825.741442] loop5: detected capacity change from 0 to 40 [ 1825.808146] loop1: detected capacity change from 0 to 40 10:13:49 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1825.890324] syz-executor.5: attempt to access beyond end of device [ 1825.890324] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1825.891681] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:13:49 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1825.959780] syz-executor.1: attempt to access beyond end of device [ 1825.959780] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1825.960749] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1825.980725] syz-executor.4: attempt to access beyond end of device [ 1825.980725] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1825.982415] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:13:50 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) syz_io_uring_submit(0x0, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:13:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 78) 10:13:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 70) [ 1826.112975] loop5: detected capacity change from 0 to 40 [ 1826.135640] loop1: detected capacity change from 0 to 40 [ 1826.193234] syz-executor.1: attempt to access beyond end of device [ 1826.193234] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1826.194375] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1826.208349] syz-executor.5: attempt to access beyond end of device [ 1826.208349] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1826.209524] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:02 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) syz_io_uring_submit(0x0, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:14:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, 0x0) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:02 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:02 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:02 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 71) 10:14:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 79) [ 1838.995162] loop6: detected capacity change from 0 to 40 10:14:02 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:02 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x1080400, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, &(0x7f0000000000)=0x5, 0x7) sendfile(r2, r1, 0x0, 0xfffffdef) [ 1839.022280] FAT-fs (loop6): bogus number of reserved sectors [ 1839.023935] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1839.037806] loop4: detected capacity change from 0 to 40 [ 1839.077780] loop1: detected capacity change from 0 to 40 [ 1839.089782] loop5: detected capacity change from 0 to 40 [ 1839.328204] syz-executor.5: attempt to access beyond end of device [ 1839.328204] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1839.329252] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1839.335486] syz-executor.1: attempt to access beyond end of device [ 1839.335486] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1839.336385] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:14:03 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 80) 10:14:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 72) [ 1839.536790] loop1: detected capacity change from 0 to 40 [ 1839.547232] loop5: detected capacity change from 0 to 40 [ 1839.556124] syz-executor.4: attempt to access beyond end of device [ 1839.556124] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1839.558317] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1839.690666] syz-executor.1: attempt to access beyond end of device [ 1839.690666] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1839.692377] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1839.696577] syz-executor.5: attempt to access beyond end of device [ 1839.696577] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1839.698222] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:18 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:18 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:18 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 73) 10:14:18 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:18 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:14:18 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, 0x0) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 81) 10:14:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000000)={0x0, 0x2, r0, 0xb622, 0x80000}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1854.214622] loop6: detected capacity change from 0 to 40 [ 1854.232792] loop1: detected capacity change from 0 to 40 [ 1854.243277] FAT-fs (loop6): bogus number of reserved sectors [ 1854.244283] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1854.284141] loop4: detected capacity change from 0 to 40 [ 1854.286368] loop5: detected capacity change from 0 to 40 [ 1854.336700] syz-executor.1: attempt to access beyond end of device [ 1854.336700] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1854.337918] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1854.395642] syz-executor.5: attempt to access beyond end of device [ 1854.395642] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1854.396754] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:18 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 74) 10:14:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 82) [ 1854.598777] loop1: detected capacity change from 0 to 40 [ 1854.661232] loop5: detected capacity change from 0 to 40 10:14:18 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1854.847120] syz-executor.1: attempt to access beyond end of device [ 1854.847120] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1854.848976] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1854.862089] syz-executor.5: attempt to access beyond end of device [ 1854.862089] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1854.863719] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:18 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:19 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 83) 10:14:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 75) 10:14:19 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(0xffffffffffffffff, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0xc68, &(0x7f0000000180)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000000), &(0x7f00000000c0), 0x2, 0x0) [ 1855.312093] loop5: detected capacity change from 0 to 40 10:14:19 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1855.335103] loop1: detected capacity change from 0 to 40 [ 1855.410217] loop4: detected capacity change from 0 to 40 [ 1855.437372] loop6: detected capacity change from 0 to 40 [ 1855.437468] syz-executor.5: attempt to access beyond end of device [ 1855.437468] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1855.439952] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1855.455509] FAT-fs (loop6): bogus number of reserved sectors [ 1855.456366] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1855.477689] syz-executor.1: attempt to access beyond end of device [ 1855.477689] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1855.479291] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:14:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 84) 10:14:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 76) [ 1855.865207] loop1: detected capacity change from 0 to 40 [ 1855.871268] loop5: detected capacity change from 0 to 40 [ 1855.977340] syz-executor.4: attempt to access beyond end of device [ 1855.977340] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1855.979573] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1856.066328] syz-executor.1: attempt to access beyond end of device [ 1856.066328] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1856.068026] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1856.084069] syz-executor.5: attempt to access beyond end of device [ 1856.084069] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1856.085736] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) chown(&(0x7f0000000000)='./file1\x00', 0xee00, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x700, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000180)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:34 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:34 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 85) 10:14:34 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x0, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:34 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r4}}, 0xfffffeff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1870.177190] loop4: detected capacity change from 0 to 40 10:14:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(0xffffffffffffffff, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 77) [ 1870.199335] loop6: detected capacity change from 0 to 40 [ 1870.201444] FAT-fs (loop6): bogus number of reserved sectors [ 1870.201854] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1870.207365] loop5: detected capacity change from 0 to 40 [ 1870.253789] loop1: detected capacity change from 0 to 40 [ 1870.320679] syz-executor.5: attempt to access beyond end of device [ 1870.320679] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1870.321499] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1870.383708] syz-executor.1: attempt to access beyond end of device [ 1870.383708] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1870.384703] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:14:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 86) 10:14:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 78) [ 1870.615881] loop5: detected capacity change from 0 to 40 [ 1870.647366] syz-executor.4: attempt to access beyond end of device [ 1870.647366] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1870.649341] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1870.663082] loop1: detected capacity change from 0 to 40 10:14:34 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:34 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, 0x0, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1870.735788] syz-executor.5: attempt to access beyond end of device [ 1870.735788] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1870.737060] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:34 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x0, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1870.814063] syz-executor.1: attempt to access beyond end of device [ 1870.814063] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 10:14:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(0xffffffffffffffff, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1870.816206] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1870.914302] loop4: detected capacity change from 0 to 40 [ 1871.165459] syz-executor.4: attempt to access beyond end of device [ 1871.165459] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1871.167272] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:14:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 87) 10:14:50 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1886.687760] loop4: detected capacity change from 0 to 40 10:14:50 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x0, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:50 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 79) 10:14:50 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) creat(&(0x7f0000000000)='./file0\x00', 0x44) 10:14:50 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, 0x0, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1886.728774] loop1: detected capacity change from 0 to 40 [ 1886.768808] loop5: detected capacity change from 0 to 40 [ 1886.789652] loop6: detected capacity change from 0 to 40 [ 1886.798472] syz-executor.1: attempt to access beyond end of device [ 1886.798472] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1886.799461] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1886.802458] FAT-fs (loop6): bogus number of reserved sectors [ 1886.802935] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1886.881724] syz-executor.5: attempt to access beyond end of device [ 1886.881724] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1886.882683] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 80) 10:14:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 88) [ 1887.100756] syz-executor.4: attempt to access beyond end of device [ 1887.100756] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1887.103746] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1887.108706] loop1: detected capacity change from 0 to 40 [ 1887.194554] loop5: detected capacity change from 0 to 40 [ 1887.276611] syz-executor.1: attempt to access beyond end of device [ 1887.276611] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1887.278048] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:14:51 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x0, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) [ 1887.426396] syz-executor.5: attempt to access beyond end of device [ 1887.426396] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1887.427717] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:14:51 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, 0x0, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:14:51 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:14:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 81) 10:14:51 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1887.572787] loop4: detected capacity change from 0 to 40 10:14:51 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 89) [ 1887.674820] loop1: detected capacity change from 0 to 40 [ 1887.733713] loop5: detected capacity change from 0 to 40 10:14:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:14:51 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x70404, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) chroot(&(0x7f00000000c0)='./file0\x00') write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = openat(r1, &(0x7f0000000000)='./file1\x00', 0x40000, 0x2) sendfile(r2, r1, 0x0, 0xfffffdef) readlinkat(r3, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)=""/151, 0x97) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x6}}, './file1\x00'}) ioctl$AUTOFS_DEV_IOCTL_FAIL(r4, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xf, 0xb0000}}, './file1\x00'}) [ 1887.843175] syz-executor.1: attempt to access beyond end of device [ 1887.843175] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1887.845048] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1887.875699] syz-executor.5: attempt to access beyond end of device [ 1887.875699] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1887.877395] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1887.934528] loop6: detected capacity change from 0 to 40 [ 1887.966466] FAT-fs (loop6): invalid media value (0x00) [ 1887.967093] FAT-fs (loop6): Can't find a valid FAT filesystem 10:14:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 82) 10:14:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 90) [ 1888.096730] loop1: detected capacity change from 0 to 40 [ 1888.121356] syz-executor.4: attempt to access beyond end of device [ 1888.121356] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1888.124002] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1888.211293] loop5: detected capacity change from 0 to 40 10:14:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1888.307639] syz-executor.1: attempt to access beyond end of device [ 1888.307639] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1888.309321] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1888.414276] loop4: detected capacity change from 0 to 40 [ 1888.431591] syz-executor.5: attempt to access beyond end of device [ 1888.431591] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1888.433605] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:15:09 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x0, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:09 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:15:09 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, 0x0, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) splice(0xffffffffffffffff, &(0x7f0000000000)=0x1800000000000, r1, &(0x7f00000000c0)=0x101, 0x6, 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:09 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 91) 10:15:09 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 83) [ 1905.301719] loop5: detected capacity change from 0 to 40 [ 1905.307197] loop4: detected capacity change from 0 to 40 [ 1905.308320] loop1: detected capacity change from 0 to 40 [ 1905.312316] loop6: detected capacity change from 0 to 40 [ 1905.331401] FAT-fs (loop6): invalid media value (0x00) [ 1905.332182] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1905.549745] bio_check_eod: 1 callbacks suppressed [ 1905.549772] syz-executor.1: attempt to access beyond end of device [ 1905.549772] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1905.552302] buffer_io_error: 1 callbacks suppressed [ 1905.552321] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1905.578748] syz-executor.5: attempt to access beyond end of device [ 1905.578748] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1905.580678] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 1905.736194] syz-executor.4: attempt to access beyond end of device [ 1905.736194] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1905.738494] Buffer I/O error on dev loop4, logical block 10, lost async page write 10:15:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 84) [ 1905.919602] loop1: detected capacity change from 0 to 40 [ 1905.992003] syz-executor.1: attempt to access beyond end of device [ 1905.992003] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1905.993398] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:15:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 92) 10:15:24 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, 0x0, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 85) 10:15:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x800000, 0x0, &(0x7f0000000200), 0x1120cd0, &(0x7f0000000000)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffffeffffffff) 10:15:24 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x0, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:24 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1920.195317] loop5: detected capacity change from 0 to 40 [ 1920.217163] loop1: detected capacity change from 0 to 40 [ 1920.249515] loop4: detected capacity change from 0 to 40 [ 1920.255774] loop6: detected capacity change from 0 to 40 [ 1920.276044] FAT-fs (loop6): invalid media value (0x00) [ 1920.276801] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1920.296201] syz-executor.1: attempt to access beyond end of device [ 1920.296201] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1920.297170] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1920.357964] syz-executor.5: attempt to access beyond end of device [ 1920.357964] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1920.359620] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:15:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 86) [ 1920.398090] loop1: detected capacity change from 0 to 40 10:15:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) openat(r1, &(0x7f00000001c0)='./file1\x00', 0x68000, 0x100) sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000240)="6579bcdb0ccbdc0b6b7b666d4084a5d7ab37d6a806f7d62ade30b31f90fed4da2fd884d95106e1690bcca886cef90231b9aa55cc37cdad67a952c2d4f959a35b358b360cf6c043cb35e482e81f9132ca94f1bb199fe6299b656aae6f6cb705ce4e7d811d5e6eca38151beca01363ba6d60a808f80cdb5be2f1cb028a9b26060d0b4ec69b61dd0da95012b5f0f6b50982c0e95fb9dfbcabbdddab086572a967c4c0212f3409e2c74476808fa319b1395e7b517940e2be212682ce660cc0ca102686e2dc3ce5afc92247d3306551f8ab68e8c729af8b55f170bcbf6118d35ef48bd6d42cf7a80e3b8810b67ec944c8f312c995ea44ee84de992e9965c2216390af717b7c26739f31bceaaff70cfe075f99a8fdd69b8ece69020b894f1fced9d0eb5aae768ae09ebd55349c893ebddaf42081488d8a15e86fe59c83220be27ba2bc4fbd33292dc6bb2935a4f8d1775e3e103132f586b66f419616cb9e25ef0de7986aff0dcd25def901ba811818d3537b1fc68bc475a8e36a22e2ef949b37ecec65f050efcc19ea7556c3370135dfb8abea3180258e1ffc8683a2675f5fe7d0dc7860c9b07f7415a47fb7a823144f5a5ff38357da295962d8e9978f09a9297c300f47abc63f4c7a09d1845fbbc714d6ff9082479e9e39f56cb9c1b41d6c94ec181262c786e34c024c434233afcf98aa6a40d6a6ffdf1cd1ca0f8b157096702eda8b98df357796ff5a66771b6040c880fabd56d113d75bd2d5dac72d2ab47518b52a96705f85bc0ad098f30b6ff6204f0c02e030672f6545dbb23bcbbdc714748c419a3eda385ac3160ebaf08234c8af4ed9f15e4cc18127f485cb99c9c08a4baba389ee0d0252937bac127c39dfaa95e592cf40a813c4fc09d7326da1a817a82eabf84a65157c8a4c76ee8b7562943a1da610451c279ac6511fa9850bfb8f8313e076678d1c4f63c8bc68244f7ef01a9b70691be350669db109e9661790cb5428ad7105753898239bee0583301d0ce3ea90b84fa4d31aa75cfa9d87ea57ee1ae40ade49e2007b469ebccb77a413229d6fd9fcc18165a0f7c02aef4a992278ff6e2b6105da08c1e316408f1bb98a47aa8d55dc111f1736b826dd35dd28210ad8a7819f330df98725f41dadf7937bad21819ef1bf20eadbae7b8d585523435414dae3d70c280f3ea1ceeb68b9950290078755d68582c9bd395c45a820b3a498585fbf546e84c060b3e3de35c3a6c7c8eae454a0608a9bd0bb958736619c07b87b803f4045cb89b282523e74bcac5f830bc9aff385d57afeeb6fe9f9109658de37f76d63436f49ed56ef87c4a256825acd9345126cee438c90f9de87064a3f8cd8b2057076e9082e5f9f6b8b017eebe34773ef39357b1e1b03467ddd991f6809f949dae0a81bbdbd90fe1f329fbdc90f9905158b04d702fc02ca41242ad78be4fe15cfa3ac41f57a447678d2125ee87cd8f3f2823c2f346b9acdadd099c4e30677bad400a3516b923f89aa3df0a53cf70a6929c83ed146eff3deb6d1cb642768c634e36677a36ced28f2bdc00824bbedbf54b089d7ec44e108b15901d94f06306a931f340cfd18c8189fd36008607c259316b5916845e093368dab0c5f771ce07e147ac400e647a5a1548992a658bc56c57e6070a87530ce8d348d093283c0d30f4c64edcebe303d14f92ada7c455f072c10e9cbb004f171e1dcbb218d63e0ce05711d331f6e40d6073d0b5bc1e6f4d5716a8245188aae053837d1d92caa969312f26c399e4af7a86879350953fbb4a2269f591ffdcfb6830eb0a8a43d9a4c4d23797c7d18212665c4be326674a9c7a67f6f7feb86fca7932c4e60deeaa22a3ca58664f8f875c8580688d23101b6d1c7f0077223a4766c12ee3a263127489357db144772ab3e4d8d8eb0a92e76df86c5d79f31a5e7dd4363ad53e1085a2a9dbb5ceab5b664dfad28f7494175ba6397b0bdc06f30542433d1eef6d4b089296b55cc14b6e89e62cc0687533ba29fdb253d611c063ae5eac2f5212eacdeb5eaadd031a9556d98b8b3d29c799d479f3414c75b6523e970977c69995aa24a8d21ddb866ec6557507164a455c0117fc7542bcab359117ebebb3efc6c8f746df7c99f6f55b1abc810a13c305776ac8d858b2da15cc1e6f10f1948e3185273469fabd9eb9994039c8f46bc0d7396744afbc0f519e0698ce86b5cadb75fa34639b0b4359f5884dff6d48f2b063298d9615dd58671b095bf99731690cb9e84656b5069bfca10cbe71a3f6233fc110d6cc6eef1572c5cf19f4c4aad3b4f57cfd5d40502c485daa642dde6dc5888d92625f46742a775af4f6df2e6994b47f5a519da3a9e6a0e6b91c01381bfb6735a9933c555c52075bef5dcf4bae551c0e43e250707c743eb7245827ddd51d8eae8deeeb40371d76c25e2322c59dd99bb84f67a7697a5657e5a7a9a2fe7886095086cbbaaab0a4770cf1c7dce9c31049b3200cc70f7e335a9df2d1e12640561df50f6211ac6b32064edb621533d416fc964e580de11465f3deec0afb4b03f565ddd422cf08bffb306fc8260b4a180b89ee92fb702addb8efa8bfe9cac56ac32b5f46bfe081fa489a60adbcaf7818295633e0471050cf36898641cce5ee46bbef945d48db967040be66a6aebe4e9f5e642adb9b2aa613a3e7ba6d96eb86d7012ff0e8a364a7dcda843f45a92c9da8e7084d639051097917f4dfb13476567aef252d0c8d71b910b655b16ddb56589eed2a4ad81ca5b0de91cfc8a066888320773e0718e6c9be78e8c1b8ba3eb6a5b21b4863dc9e649dfa12d3457da99970c07069104c56b35da2f56233ecaabee531b594f8bdd1d44d3175f138585041c3069378cee6ea36c4c1c2196c6e56803fd26fb820dfdd5d6057384510d4323ba0cf0140c43022d2013260dbaa312aa1f4c2da8f0b77f8db91269b71af261d9b02506240d5efaae7f57d9a641549d7c5b6795a99f4469d8f6d1bf13df57b6a3db99bdb2eddaea92f7913a95c55a4a0edd772d4ed64bb81a2d6541f0a57b6d067a2ba60259d92104ad6a56541fe432c1da141b2872a355c3e6feb26d01c8d35066580695a21caf9b62e51d0330e2bbadbb7cf87a91d73633278550d57526fef8f4c7bdeae4b11a47b94c651579ed2a52b3356d57cbb04763729dab1367c2ce81d247b4a98eac63be4e8c8617dc83c5cd7f30584efb371ea0a6d3453dc2b5ffdd2dae0a8fb4e8bea2730af48c1d096179bf02822a1ccb1376aa33900793dc49634655d511e360fcb1d848dce0a934406f7d98a6ab9902bd78c5c579a568353d4291a8adc2b15d732939c359da8636703076e22aa1570e2a6ba5628c83866f73afe060c874f99666849faaf1240195790ae01d088717d25ac9a43ef17883850affbf1dcd8a2b1977a9a52c1847ec27db22a7fae444eb899124b289f951df1d81de178747d11cdda25de38a885977dc93cbd1e9ed6ad3a68eb5a8564eb6674cb11991263af1bf6565ef9b2c91373fdf11e3e2e9adff989d63c4a8f48be0bc525be2c024486d6555e691e03f46ee08c154975c60b7387fc8b17355e00bd313f0ca2a342e23aa1fc40e3931b138a0549f6a65671b81ae3c36b31aaf5c27f0172472e9acc675629bab37af5d39c0ab9237c7b3bf67095b4ead4746907a75113784cdd87c849e37b05e6ef253f41c9ce433e12c96ad02fc4d8e7ab7fd50236d5f0c3b8c60df19b68fc6b197b7c28323496cd877ac075b4a82f76b3c89122e433244b93316d13214ca19007addca4cac1b952f294bedc5be42aaa731bb0fe4323a4e018c47ad1ff2a2e638107b8c303ba57d99dc46ac30e61586b6982fa39e67b02e7f6e648f9bda44be398647e2eb1311b25b8f90be75113d787f9254dc1d36b2ade68c0f88ec07d8baa2112fff48aac5ef1436f6db4cba10bb19cc9093ac47b7db12baf063f559552f63145972e33cb5ce9d86a62ca8b48155f836be8286aec752985e2d25066560577e6c661471a0de4176251f1a1e4112e20eaa4d094d276d60b999fa73119708b26b95d217915294fc514d09d4d39a6fceff14c59832de51e4110edba03cb6e50c31edc1f2dd4176c086fa8ee3093681a33c5ccb47c917ff93cf1ecc81183fab7fa8448566f2d77773b436cbbc7dcb178892c640566fb4e259d8c1d2f9af771bb6d4e1f515e96b69aa7e776e724e7700cd51de72070fb6ab192c7a3d0e212a7c7b0a554320c79ffc2a39608c6d17b3ad9f87ddc4385a6f981bb11bac5e49a02bb52125bf6d23095e8dcf8e86f3cdd89169de559a295028c747ce2bbd3dac6998b318fd5718ec24234aa7e3a3ddcdc900e3e40c6aa7294b8867e82eace11e6819e64593634fb9c68ed9357a48db249e03c31c2660f2f52ef33924364967888496f974eee993f855e8c1f716f9b2ab915fba25c075ddeaa4425f27857b2c7ff25e7d0831c5fe39867ebc49792a5c4e79ed9826e049e8e3f565e8aa32c10445a5e1b9529a968bf35c4fc6478e86d5dd66ecf2c539befa772a5c444b30ba69f42d2a857be5bb5df254e8c3856e6fd4f5fd06956dd23118824877a436df578828de3db26509a0f62a59228390d8819958a421e7b893687164f9e3b55e4f31bf81e2ccae1a64a810e47605c845fd08721c8c4bd3e6dd34a4a05e585f19173ca6e570bec97a59e1ca65f6a5612414d8ee24c2ef4e4c48a0f57f9d53a3b90b733fb81287396a2bee56ba3afde4f678ed21f35be098799a6f80866c747465440334e3fd58a5d54b26a99cbb1d07701a129522993fb0c5048295daaf31fb7ce779ef0c01c0c3cf7f335919a072dfe5ceb124e0014756b4c7b34cac00d8161a769e30c1aed06b058df5bb89c136dc0dc94ddf455888ef639fa3e3b260bc09604202986de619578897504f4d0b26ad9154058d0463fc2999417eed3c4438f9d2600eab8bdb0a37832fc40f59f909fe9fc5c261beaa82790f3051690e2aedf2a25c5a99d80424ca2c3ef95a49db6c97eb290caf8a996a5f755bbb17c4c6cfdd8917f6b8e937421fb4dcf31e100908d7d788898a1de63e10a7ed61f080110fd2dc6122fa18a03ef9a48f6967947bc78c0446788af266b20f172e6449c65356aeffa2d736c21f1002be3907938ae4fa4403ec37d00d746737fa6f7576d26402eb332d57befeba4c58ad1c1c6ebafef9d8df20c547b90ce4a5cf3a265ca4a2075b0e92b0cf8df9e88dea17176d133bd90e916252c2cfc472ed92657feaea7dfb5a125631d563dc52fcde4d339b389b22b41f5af4ad29cca03f18fe753bf48f6b4e320d80857f62e1045a5f3fb774ba008172fdbd5c2578733117cd18a704bfe1b33160ca08079f64d513a5bb44c55df1348129323700c5f7e904ea397084a520b7c8a69301dcb41ee54530b8ae6cad8a554bf8ebecb5efcdb0f2e6f4766688ae3eb62f10b2695b99a31947e38c4aa3959faa5dfa7b9f3a88f68c0c00cd61783125dc3605fa6cbf14cc74bf3e49bfcb1b9bab0814f3c30ef2f7e0f3dea8f1e244145b3f921d40cb3ee191dc39db6c77c526ff0c1b7c80ed0998a04d129b0b0da2b3e4525f7e5941464ed1be90e097a187fed3fbb4a32b6e92622759979dda87b03f52949735c0286a4738b80e1ca507856b7525eb546fa28d170060e30d4a6a969e9c994a00afea906fbe4b588fdc666e511de4326086c7b896cc0eabecb84dd11bf8102d7e0bf5e378be0c89a2683b9bef7d7e3f0f618f8fc874b7896da58267517683c19f1e191d7f81553a867cab53b20cce339765d9deb726c31ef5f2a4a65db559", 0x1000}, {&(0x7f00000014c0)="bf2651e0b6f54e6f6f864d047991cf5deb6623bfc67ba53dedd1ac4455d4a8d36bb1f2b6379537fc04f7d380c305b53485664aa9cd101d4fe8e58f93d71f89282fd703108fa9a5b2a2c0fe2b052ea6d3d411eeb2faba1c9ce5cab0037edbe5cef2cdbaec7b49a1882207341dbee7ad2709b5a717d299a7f95cdd52e40b505d7d35085634ed5087a0aa3277c23bf3b817f92282d4cbb32b8a65a4aa285f64b6ae2ee080a7f3b898cde3ea0fbbfb3a341dce9d0c444275bf62e0030d948f60a9e4a7fc32e4c17de3cdb4bf5a6e545beaf9207380e43066475e008eea21318300f5f3bf8f57cbf43a9e4fb3c9fbb35c062555678ad9", 0xf4}], 0x2, &(0x7f0000001340)=[@ip_retopts={{0x44, 0x0, 0x7, {[@end, @lsrr={0x83, 0x17, 0xf1, [@dev={0xac, 0x14, 0x14, 0x2a}, @empty, @local, @private=0xa030100, @multicast2]}, @lsrr={0x83, 0x1b, 0x6c, [@dev={0xac, 0x14, 0x14, 0x26}, @private=0xa010102, @multicast1, @private=0xa010100, @local, @dev={0xac, 0x14, 0x14, 0x2f}]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1f}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x23}}, @ip_retopts={{0xd4, 0x0, 0x7, {[@rr={0x7, 0x2b, 0x2a, [@broadcast, @multicast2, @private=0xa010100, @empty, @loopback, @broadcast, @remote, @private=0xa010101, @empty, @dev={0xac, 0x14, 0x14, 0x42}]}, @lsrr={0x83, 0x1f, 0x93, [@private=0xa010102, @remote, @loopback, @rand_addr=0x64010101, @multicast1, @broadcast, @private=0xa010102]}, @timestamp={0x44, 0x24, 0xe3, 0x0, 0x4, [0x2, 0x5, 0x8, 0x0, 0x4, 0x1, 0x6, 0x7d]}, @ra={0x94, 0x4}, @cipso={0x86, 0x46, 0x1, [{0x0, 0xe, "f716809425acc51b2ded5a9c"}, {0x1, 0x11, "c34579cb8dcef9b59d2ca066d41ff6"}, {0x6, 0x7, "d6866d9584"}, {0x0, 0x9, "b2dda946c25234"}, {0x6, 0x11, "c2bfd3b3af4ba89bc735a940a035ed"}]}, @generic={0x82, 0xa, "fc55fab7f8e29921"}]}}}], 0x150}, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1920.446165] syz-executor.1: attempt to access beyond end of device [ 1920.446165] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1920.447069] Buffer I/O error on dev loop1, logical block 10, lost async page write 10:15:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 87) 10:15:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 93) [ 1920.633810] loop1: detected capacity change from 0 to 40 [ 1920.707947] loop5: detected capacity change from 0 to 40 [ 1920.759267] syz-executor.1: attempt to access beyond end of device [ 1920.759267] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1920.760281] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1920.790122] syz-executor.5: attempt to access beyond end of device [ 1920.790122] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1920.791151] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:15:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 88) 10:15:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 94) [ 1920.892278] loop1: detected capacity change from 0 to 40 [ 1920.929772] syz-executor.4: attempt to access beyond end of device [ 1920.929772] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1920.933575] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1920.944620] loop5: detected capacity change from 0 to 40 [ 1921.009696] syz-executor.1: attempt to access beyond end of device [ 1921.009696] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1921.010648] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1921.065386] syz-executor.5: attempt to access beyond end of device [ 1921.065386] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1921.067629] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:15:25 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:42 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 89) 10:15:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat(r0, &(0x7f0000000000)='./file0\x00', 0x800, 0x100) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:42 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:42 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) 10:15:42 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:42 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 95) 10:15:42 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, 0x0, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1938.613562] loop5: detected capacity change from 0 to 40 [ 1938.635243] loop4: detected capacity change from 0 to 40 [ 1938.652564] loop1: detected capacity change from 0 to 40 [ 1938.656578] loop6: detected capacity change from 0 to 40 [ 1938.812761] FAT-fs (loop6): invalid media value (0x00) [ 1938.813684] FAT-fs (loop6): Can't find a valid FAT filesystem 10:15:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1939.175160] loop5: detected capacity change from 0 to 40 10:15:43 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x1) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb482, 0x2, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r3, r2, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000640)}, 0xd1) syz_io_uring_setup(0x7779, &(0x7f00000006c0)={0x0, 0x6aaa, 0x1, 0x1, 0x25d}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000740), &(0x7f0000000780)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f00000008c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)="f672da0bd60f6d034b4fa9339fd189fda26c6346bd84aadc40647a212627c9dcc6abbe7a74c1130a2acf498a0535e8d729408af0546fe182bb59480f94fb78ea1d53702fd2b16f88431d0715950fb7a9d15ecdb5ea709ed5578adb378a12881409353978e590e3298b3705e8336100f0f78cdb054763ec58c5cd84b0ca65426134ba67c920b55a9906986eec3d50e6e3fd9b48b10b197de394941529da3000bb887bdc83c8debe2c38f378ca701474431f6d10a1b5a9ccf7ffe3e6129bf7cb285d4dc2fce70e04d341d99a2d3bf69bba4cb5", 0xd2, 0x0, 0x1, {0x0, r5}}, 0xfffffeff) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="27010000", @ANYRES16, @ANYBLOB="000225bd7000fcdbdf253d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900620000004900000008005d0001000000"], 0x30}, 0x1, 0x0, 0x0, 0x855}, 0x20044801) [ 1939.375394] syz-executor.5: attempt to access beyond end of device [ 1939.375394] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1939.377210] Buffer I/O error on dev loop5, logical block 10, lost async page write 10:15:43 executing program 3: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x54, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:43 executing program 0: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x73, 0x45, 0x8, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x2}, 0x1080, 0x8, 0x2, 0x7, 0x2, 0x200, 0x8000, 0x0, 0x1d7, 0x0, 0x100}, 0x0, 0xb, 0xffffffffffffffff, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2007, @fd_index=0x1, 0x20, 0x0, 0x0, 0x18, 0x0, {0x1}}, 0x1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0xa7b, &(0x7f0000000540)={0x0, 0xb480, 0x8, 0x2, 0x1ec}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000600)) syz_io_uring_submit(r2, r1, &(0x7f0000000680)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0xa, &(0x7f0000000640), 0x1, 0x1}, 0xd1) 10:15:43 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x13) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c0002800c00018008000100000000000c00e97f080001000000000004000180"], 0x34}}, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040), 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:43 executing program 2: chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x402, 0x16c) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x410, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) readlink(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)=""/115, 0x73) openat(r0, &(0x7f0000000540)='./file0\x00', 0x4800, 0x2) r1 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x10001, 0x3, &(0x7f0000000380)=[{&(0x7f00000001c0)="da2283da301d9f2ae2cbb4251c93d5e4bcf92c6895adbd64f03cdd8928f03062d4d2a790033664a16fde7dc862b4227f9f4e2f86ca71e74b5fc59945849adb4ebf5dfa51fa9717725fb03f561fc30744300c6a047666471e4b3706bc561e47f9a75b7de286c973a03292df640d1d311d580784d666a979c4cf544cdb019f5887e18b078c4756aefa70c9f6775ba3be9d7fd804c866bbe99d93ab576dea3b12cca1e6df08ba116333e204", 0xaa, 0x7}, {&(0x7f0000000280)="b31282f8b6181a76f12d037d6073e34bc2369d751c42c005be1e3eb33b861798b783a81ed2c94666999046a409e35a63461137c950fab6b6a666dac7a3fc", 0x3e, 0x1f}, {&(0x7f00000002c0)="17dffeae73453178d7f6447fe92a4745ee8eead1c45f508e96e4f8e6b822fd78b7480e9c080ccfb0501bd121c90b1c44143c99ab378d264932b4d6450175112bf77eac836c6995be27a1df4f50d047b98d56a6b268b864db8fd2b3ec487aaacf51b624d84f6ca930f839ebccbae0d55f838eec1c988c3aa92d020198a6b8cafe6daa9575c3587fbf8164ff1e21333907f0c8ac93", 0x94, 0x80000000}], 0x1240080, &(0x7f0000000400)={[{@shortname_mixed}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp869'}}], [{@pcr={'pcr', 0x3d, 0xa}}, {@audit}]}) openat(r1, &(0x7f0000000000)='./file1\x00', 0x200282, 0x14) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r2, r0, 0x0, 0xfffffdef) 10:15:43 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 10:15:43 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000300)=""/226) sendfile(r1, r2, &(0x7f0000000040)=0x400, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 1939.720124] loop4: detected capacity change from 0 to 40 [ 1939.806931] FAT-fs (loop5): bogus number of reserved sectors [ 1939.807716] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1939.849587] loop5: detected capacity change from 0 to 264192 [ 1939.852228] loop6: detected capacity change from 0 to 40 [ 1939.877314] FAT-fs (loop6): invalid media value (0x00) [ 1939.878057] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1939.883443] loop1: detected capacity change from 0 to 40 [ 1939.991442] syz-executor.4: attempt to access beyond end of device [ 1939.991442] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1939.993984] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 1940.052506] syz-executor.1: attempt to access beyond end of device [ 1940.052506] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 1940.054089] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 1940.796572] FAT-fs (loop5): Unrecognized mount option "vfat" or missing value [ 1941.301289] ================================================================== [ 1941.301919] BUG: KASAN: use-after-free in perf_trace_lock_acquire+0x3fc/0x530 [ 1941.302539] Read of size 8 at addr ffff8880167d2030 by task kmemleak/55 [ 1941.303114] [ 1941.303272] CPU: 0 PID: 55 Comm: kmemleak Not tainted 6.1.0-rc6-next-20221125 #1 [ 1941.303916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1941.304626] Call Trace: [ 1941.304855] [ 1941.305068] dump_stack_lvl+0x8f/0xb7 [ 1941.305412] print_report+0x175/0x478 [ 1941.305764] ? perf_trace_lock_acquire+0x3fc/0x530 [ 1941.306216] kasan_report+0xbf/0x1c0 [ 1941.306565] ? perf_trace_lock_acquire+0x3fc/0x530 [ 1941.307012] perf_trace_lock_acquire+0x3fc/0x530 [ 1941.307457] ? __pfx_mark_lock.part.0+0x10/0x10 [ 1941.307888] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 1941.308373] lock_acquire+0x417/0x530 [ 1941.308712] ? kmemleak_scan+0x1a0/0x1600 [ 1941.309125] ? __pfx_lock_acquire+0x10/0x10 [ 1941.309509] ? __call_rcu_common.constprop.0+0x589/0xa40 [ 1941.310001] ? __call_rcu_common.constprop.0+0x589/0xa40 [ 1941.310482] ? lockdep_hardirqs_on+0x7d/0x100 [ 1941.310881] ? _raw_spin_lock_irq+0x45/0x50 [ 1941.311757] _raw_spin_lock_irq+0x36/0x50 [ 1941.313976] ? kmemleak_scan+0x1a0/0x1600 [ 1941.315792] kmemleak_scan+0x1a0/0x1600 [ 1941.316142] ? __pfx_process_timeout+0x10/0x10 [ 1941.316553] ? __pfx_kmemleak_scan+0x10/0x10 [ 1941.316955] ? __kthread_parkme+0x15e/0x220 [ 1941.317349] ? __pfx_kmemleak_scan_thread+0x10/0x10 [ 1941.317845] kmemleak_scan_thread+0x93/0xb5 [ 1941.318267] kthread+0x2f1/0x3a0 [ 1941.318604] ? __pfx_kthread+0x10/0x10 [ 1941.318987] ret_from_fork+0x2c/0x50 [ 1941.319372] [ 1941.319606] [ 1941.319776] Allocated by task 9550: [ 1941.320121] kasan_save_stack+0x22/0x50 [ 1941.320510] kasan_set_track+0x25/0x30 [ 1941.320891] __kasan_slab_alloc+0x5c/0x70 [ 1941.321303] kmem_cache_alloc+0x1e0/0x410 [ 1941.321727] __create_object+0x3d/0xc10 [ 1941.322115] kmem_cache_alloc_lru+0x307/0x760 [ 1941.322563] shmem_alloc_inode+0x27/0x50 [ 1941.322964] alloc_inode+0x63/0x240 [ 1941.323333] new_inode+0x25/0x1f0 [ 1941.323683] shmem_get_inode+0x191/0xdb0 [ 1941.324091] shmem_symlink+0xe5/0x690 [ 1941.324477] vfs_symlink+0x368/0x5c0 [ 1941.324868] do_symlinkat+0x133/0x280 [ 1941.325273] __x64_sys_symlink+0x79/0xa0 [ 1941.325630] do_syscall_64+0x3f/0x90 [ 1941.325953] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1941.326395] [ 1941.326544] Freed by task 127: [ 1941.326816] kasan_save_stack+0x22/0x50 [ 1941.327156] kasan_set_track+0x25/0x30 [ 1941.327486] kasan_save_free_info+0x2e/0x50 [ 1941.327857] __kasan_slab_free+0x10a/0x190 [ 1941.328218] kmem_cache_free+0xfb/0x610 [ 1941.328572] rcu_core+0x7cf/0x2070 [ 1941.328892] __do_softirq+0x1c7/0x8f9 [ 1941.329220] [ 1941.329368] Last potentially related work creation: [ 1941.329782] kasan_save_stack+0x22/0x50 [ 1941.330124] __kasan_record_aux_stack+0x95/0xb0 [ 1941.330518] __call_rcu_common.constprop.0+0x6a/0xa40 [ 1941.330960] kmem_cache_free+0xc1/0x610 [ 1941.331310] i_callback+0x46/0x70 [ 1941.331609] rcu_core+0x7cf/0x2070 [ 1941.331921] __do_softirq+0x1c7/0x8f9 [ 1941.332250] [ 1941.332396] Second to last potentially related work creation: [ 1941.332864] kasan_save_stack+0x22/0x50 [ 1941.333215] __kasan_record_aux_stack+0x95/0xb0 [ 1941.333607] __call_rcu_common.constprop.0+0x6a/0xa40 [ 1941.334048] kmem_cache_free+0xc1/0x610 [ 1941.334392] security_file_free+0xae/0xe0 [ 1941.334758] __fput+0x3db/0xa40 [ 1941.335054] task_work_run+0x174/0x280 [ 1941.335391] exit_to_user_mode_prepare+0x199/0x1a0 [ 1941.335814] syscall_exit_to_user_mode+0x1d/0x50 [ 1941.336210] do_syscall_64+0x4c/0x90 [ 1941.336530] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 1941.336964] [ 1941.337107] The buggy address belongs to the object at ffff8880167d2000 [ 1941.337107] which belongs to the cache kmemleak_object of size 368 [ 1941.338124] The buggy address is located 48 bytes inside of [ 1941.338124] 368-byte region [ffff8880167d2000, ffff8880167d2170) [ 1941.339052] [ 1941.339202] The buggy address belongs to the physical page: [ 1941.339660] page:00000000073af2f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x167d2 [ 1941.340431] head:00000000073af2f8 order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 [ 1941.341185] flags: 0x100000000010200(slab|head|node=0|zone=1) [ 1941.341713] raw: 0100000000010200 ffff88800844f780 dead000000000100 dead000000000122 [ 1941.342341] raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000 [ 1941.342969] page dumped because: kasan: bad access detected [ 1941.343425] [ 1941.343571] Memory state around the buggy address: [ 1941.343967] ffff8880167d1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1941.344565] ffff8880167d1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1941.345159] >ffff8880167d2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1941.345749] ^ [ 1941.346145] ffff8880167d2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1941.346737] ffff8880167d2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 1941.347323] ================================================================== [ 1941.347913] Disabling lock debugging due to kernel taint VM DIAGNOSIS: 10:15:45 Registers: info registers vcpu 0 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8247d335 RDI=ffffffff87faeae0 RBP=ffffffff87faeaa0 RSP=ffff88800bb4f550 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000030 R11=0000000000000001 R12=0000000000000030 R13=ffffffff87faeaa0 R14=0000000000000010 R15=ffffffff8247d320 RIP=ffffffff8247d38d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe38d72ff000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe38d72fd000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000564a39dd1f50 CR3=000000000685e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000010ffffffff0000564a39dd9960 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=4d0038333234323935323d44455a494c XMM05=3d4d554e51455300363d5145534b5349 XMM06=706f6f6c2f7665642f3d454d414e5645 XMM07=5f4b534944006b636f6c623d4d455453 XMM08=49006d756e203c2069000a313a56000a XMM09=00000000000000000000000000000000 XMM10=00000020000000000000002000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff8440be20 RBX=ffff888008e45040 RCX=ffffffff843ec812 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000001 RSP=ffff888008ebfe58 R8 =0000000000000001 R9 =ffff88806cf34f03 R10=ffffed100d9e69e0 R11=0000000000000001 R12=ffffed10011c8a08 R13=ffffffff85d05c10 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff8440be2f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe3cdd119000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe3cdd117000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000564a39de60d8 CR3=000000000d7f6000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffff000000060000564a39de5fc0 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=000000343d524f4e494d00373d524f4a XMM05=3d5145534b534944006b7369643d4550 XMM06=3d454d414e56454400303d444955555f XMM07=59534255530034706f6f6c2f6b636f6c XMM08=2064616572206f742064656c69614600 XMM09=00000000000000000000000000000000 XMM10=00000020000000000000002000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000